CVE-2026-32019

HIGH

OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

Title source: cna

Description

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch functionality to access blocked addresses such as 198.18.0.0/15 and other non-global ranges.

References (6)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47

[Patch] https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8

View Patch ZIP pw:eip

[Patch] https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c

[Patch] https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9

[Patch] https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard

Scores

CVSS v3 7.4

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (4)

npm/openclaw 0 - 2026.2.22npm

OpenClaw/OpenClaw < 2026.2.22

openclaw/openclaw < 2026.2.22

OpenClaw/OpenClaw 2026.2.22

Published Mar 19, 2026

Tracked Since Mar 20, 2026