CVE-2026-35629
HIGHOpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions
Title source: cnaDescription
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
GitHub Security Advisory (GHSA-rhfg-j8jq-7v2h)
https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions
https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions
Scores
CVSS v3
7.4
EPSS
0.0024
EPSS Percentile
15.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (4)
npm/openclaw
0 - 2026.3.28npm
OpenClaw/OpenClaw
< 2026.3.25
openclaw/openclaw
< 2026.3.25
OpenClaw/OpenClaw
2026.3.25
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026