CVE-2026-62201
OpenClaw · OpenClaw
A server-side request forgery (SSRF) vulnerability in OpenClaw allows an authenticated user to bypass network policies via the execution server.
Executive summary
An authenticated SSRF vulnerability in OpenClaw could allow attackers to bypass network security controls and perform unauthorized requests.
Vulnerability
This is a server-side request forgery (CWE-918) vulnerability occurring in the execution server component. It requires the attacker to be an authenticated user with low privileges to trigger the request.
Business impact
An SSRF vulnerability can be leveraged to probe internal network resources, bypass firewalls, or interact with services not intended for public access. With a CVSS score of 7.7, this represents a significant risk to internal network segmentation and could lead to unauthorized data exposure or interaction with sensitive internal infrastructure.
Remediation
Immediate Action: Update OpenClaw to version 2026.6.6 or later to apply the necessary security fixes.
Proactive Monitoring: Review web server and application logs for unusual outbound requests or attempts to access internal-only network endpoints.
Compensating Controls: Implement strict egress filtering on the server hosting OpenClaw to prevent unauthorized connections to internal or sensitive external network ranges.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Addressing this SSRF vulnerability is critical for maintaining internal network security. Administrators should verify their current version and deploy the update to 2026.6.6 immediately.