CVE-2026-35673
MEDIUMOpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes
Title source: cnaDescription
OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should remain protected.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-hcm3-8f6r-6xwg)
https://github.com/openclaw/openclaw/security/advisories/GHSA-hcm3-8f6r-6xwg
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-via-browser-debug-export-routes
Scores
CVSS v3
6.5
EPSS
0.0015
EPSS Percentile
5.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (3)
OpenClaw/OpenClaw
< 2026.4.29
openclaw/openclaw
< 2026.4.29
OpenClaw/OpenClaw
2026.4.29
Published
May 29, 2026
Tracked Since
May 29, 2026