CVE-2026-41361
HIGHOpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
Title source: cnaDescription
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
https://www.vulncheck.com/advisories/openclaw-ssrf-guard-bypass-via-ipv6-special-use-ranges
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-g86v-f9qv-rh6m)
https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m
Scores
CVSS v3
7.1
EPSS
0.0016
EPSS Percentile
5.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-184
CWE-918
Status
published
Products (3)
OpenClaw/OpenClaw
< 2026.3.28
openclaw/openclaw
< 2026.3.28
OpenClaw/OpenClaw
2026.3.28
Published
Apr 23, 2026
Tracked Since
Apr 24, 2026