CVE-2026-32019
HIGH
OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
Title source: CNA description
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, so requests to RFC-reserved ranges bypass the SSRF policy checks. Attackers who can drive the web_fetch functionality on a host with network reachability to special-use IPv4 ranges can reach addresses the guard was meant to block, such as the 198.18.0.0/15 benchmarking range (RFC 2544) and other non-global ranges.
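The following is an added example and is not OpenClaw's code nor the content of the fix commits. It puts a constructed "RFC 1918 plus loopback and link-local" guard, the shape of check the advisory calls incomplete, beside a guard that matches against the non-globally-reachable entries of the IANA IPv4 Special-Purpose Address Registry, and lists the addresses the first lets through and the second blocks. The function names (parseIpv4Strict, naiveIsPrivateIpv4, isNonGlobalIpv4, bypassCandidates) and the probe addresses are assumptions made for the illustration; only 198.18.0.0/15 comes from the advisory text.

```javascript
// Added example, not OpenClaw's code: a constructed RFC 1918-style guard
// beside one that checks the IANA IPv4 Special-Purpose Address Registry.

// Strict dotted-quad parser: exactly four decimal octets, no leading zeros,
// each 0-255. Shorthand ("127.1"), octal ("0177.0.0.1"), hex ("0x7f000001")
// and integer ("2130706433") forms are rejected, so the guard never accepts
// a notation it does not understand but the OS resolver does.
function parseIpv4Strict(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = m[i];
    if (octet.length > 1 && octet[0] === '0') return null; // reject "010"
    const v = Number(octet);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n >>> 0; // unsigned 32-bit integer
}

// Unwrap the IPv4 literal from the forms a URL host can take: plain "a.b.c.d"
// or IPv4-mapped IPv6 "[::ffff:a.b.c.d]". Returns null for anything else,
// i.e. a hostname that must be resolved before the range check is applied.
function ipv4LiteralFrom(host) {
  let h = host.trim();
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);
  if (h.toLowerCase().startsWith('::ffff:')) h = h.slice(7);
  return parseIpv4Strict(h);
}

// Parse "a.b.c.d/n" into a masked base and mask for prefix matching.
function cidr(text) {
  const [base, bits] = text.split('/');
  const prefix = Number(bits);
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { text, mask, base: (parseIpv4Strict(base) & mask) >>> 0 };
}

function inAnyRange(ranges, addr) {
  return ranges.some((r) => ((addr & r.mask) >>> 0) === r.base);
}

// Constructed "private only" blocklist (hypothetical; not a copy of
// OpenClaw's isPrivateIpv4()).
const NAIVE_PRIVATE = [
  '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
  '127.0.0.0/8', '169.254.0.0/16',
].map(cidr);

// IPv4 ranges that are not globally reachable, from the IANA IPv4
// Special-Purpose Address Registry, plus multicast (RFC 5771).
const NON_GLOBAL_IPV4 = [
  '0.0.0.0/8',          // "this network" (RFC 1122)
  '10.0.0.0/8',         // private (RFC 1918)
  '100.64.0.0/10',      // shared address space / CGNAT (RFC 6598)
  '127.0.0.0/8',        // loopback (RFC 1122)
  '169.254.0.0/16',     // link-local (RFC 3927)
  '172.16.0.0/12',      // private (RFC 1918)
  '192.0.0.0/24',       // IETF protocol assignments (RFC 6890)
  '192.0.2.0/24',       // TEST-NET-1 (RFC 5737)
  '192.168.0.0/16',     // private (RFC 1918)
  '198.18.0.0/15',      // benchmarking (RFC 2544); the range named in the advisory
  '198.51.100.0/24',    // TEST-NET-2 (RFC 5737)
  '203.0.113.0/24',     // TEST-NET-3 (RFC 5737)
  '224.0.0.0/4',        // multicast (RFC 5771)
  '240.0.0.0/4',        // reserved (RFC 1112)
  '255.255.255.255/32', // limited broadcast (RFC 919)
].map(cidr);

// The incomplete guard: only the constructed RFC 1918-style list.
function naiveIsPrivateIpv4(host) {
  const a = parseIpv4Strict(host);
  return a !== null && inAnyRange(NAIVE_PRIVATE, a);
}

// Hardened guard: true = block, false = globally routable literal,
// null = not an IPv4 literal (resolve the name, then re-check every address).
function isNonGlobalIpv4(host) {
  const a = ipv4LiteralFrom(host);
  return a === null ? null : inAnyRange(NON_GLOBAL_IPV4, a);
}

// Hosts the naive guard lets through but the registry-based guard blocks.
function bypassCandidates(hosts) {
  return hosts.filter((h) => !naiveIsPrivateIpv4(h) && isNonGlobalIpv4(h) === true);
}

// Constructed probe list for the demonstration.
const SAMPLE_HOSTS = [
  '8.8.8.8', '10.1.2.3', '198.18.0.1', '198.20.0.1', '100.64.1.1',
  '192.0.0.8', '0.0.0.0', '240.0.0.1', '[::ffff:198.19.255.254]',
];

console.log('missed by the naive guard:', bypassCandidates(SAMPLE_HOSTS));
```

Two points the example is built around: a blocklist that stops at RFC 1918 misses every other non-global range the registry lists (benchmarking, shared address space, IETF assignments, reserved, and so on), and the literal must be parsed strictly and unwrapped from IPv4-mapped IPv6 before matching, otherwise the range check is applied to a string the resolver will interpret differently. For hostnames the check has to run on the resolved addresses, not on the name.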
References (6)
Third Party Advisory
GitHub Security Advisory (GHSA-4rqq-w8v4-7p47)
https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47
Patch
Patch Commit #1
https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8
Patch
Patch Commit #2
https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c
Patch
Patch Commit #3
https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9
Patch
Patch Commit #4
https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd
Third Party Advisory
VulnCheck Advisory: OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard
Scores
CVSS v3
7.4
EPSS
0.0021
EPSS Percentile
10.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (4)
npm/openclaw
0 - 2026.2.22 (npm)
OpenClaw/OpenClaw
< 2026.2.22
openclaw/openclaw
< 2026.2.22
OpenClaw/OpenClaw
2026.2.22
Published
Mar 19, 2026
Tracked Since
Mar 20, 2026