CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4627 vulnerabilities reference this CWE, most recent first.
GHSA-VQ52-99R9-H5PW
Vulnerability from github – Published: 2025-02-11 06:30 – Updated: 2025-02-20 16:41Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.
{
"affected": [
{
"package": {
"ecosystem": "Hex",
"name": "hackney"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-1211"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-11T17:59:52Z",
"nvd_published_at": "2025-02-11T05:15:14Z",
"severity": "LOW"
},
"details": "Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.",
"id": "GHSA-vq52-99r9-h5pw",
"modified": "2025-02-20T16:41:45Z",
"published": "2025-02-11T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1211"
},
{
"type": "WEB",
"url": "https://github.com/benoitc/hackney/commit/9594ce58fabd32cd897fc28fae937694515a3d4a"
},
{
"type": "WEB",
"url": "https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1"
},
{
"type": "PACKAGE",
"url": "https://github.com/benoitc/hackney"
},
{
"type": "WEB",
"url": "https://github.com/benoitc/hackney/releases/tag/1.21.0"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131"
},
{
"type": "WEB",
"url": "https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:P",
"type": "CVSS_V4"
}
],
"summary": "Server-side Request Forgery (SSRF) in hackney"
}
GHSA-VQ9J-JH62-5HMP
Vulnerability from github – Published: 2018-10-16 23:13 – Updated: 2023-12-19 22:22Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). The vulnerability is not given for SAX or StAX sources.
Mitigation: 2.17.x users should upgrade to 2.17.6, 2.18.x users should upgrade to 2.18.3.
The JIRA tickets https://issues.apache.org/jira/browse/CAMEL-10894 refers to the various commits that resolved the issue, and have more details.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.camel:camel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.17.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.camel:camel-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.18.0"
},
{
"fixed": "2.18.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-5643"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:58:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entities (XXE). The vulnerability is not given for SAX or StAX sources.\n\nMitigation: 2.17.x users should upgrade to 2.17.6, 2.18.x users should upgrade to 2.18.3. \n\nThe JIRA tickets https://issues.apache.org/jira/browse/CAMEL-10894 refers to the various commits that resolved the issue, and have more details.\n",
"id": "GHSA-vq9j-jh62-5hmp",
"modified": "2023-12-19T22:22:28Z",
"published": "2018-10-16T23:13:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5643"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/commit/2c6964ae94d8f9a9c9a32e5ae5a0b794e8b8d3be"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/commit/8afc5d1757795fde715902067360af5d90f046da"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel/commit/9f7376abbff7434794f2c7c2909e02bac232fb5b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vq9j-jh62-5hmp"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/CAMEL-10894"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
},
{
"type": "WEB",
"url": "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1\u0026modificationDate=1489652454000\u0026api=v2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97226"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Camel\u0027s Validation Component is vulnerable against SSRF via remote DTDs and XXE."
}
GHSA-VQC2-C9JH-3JJV
Vulnerability from github – Published: 2026-06-01 12:30 – Updated: 2026-07-08 20:23Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.fesod:fesod-sheet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.2-incubating"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49328"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-08T20:23:57Z",
"nvd_published_at": "2026-06-01T11:16:25Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.",
"id": "GHSA-vqc2-c9jh-3jjv",
"modified": "2026-07-08T20:23:57Z",
"published": "2026-06-01T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49328"
},
{
"type": "WEB",
"url": "https://github.com/apache/fesod/pull/917"
},
{
"type": "WEB",
"url": "https://fesod.apache.org/docs/download"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/fesod"
},
{
"type": "WEB",
"url": "https://github.com/apache/fesod/releases/tag/2.0.2-incubating"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/c1pb5b66h02p9tlrnfbwcgcz85v16fkj"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/01/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Fesod is vulnerable to Server-Side Request Forgery through its UrlImageConverter component"
}
GHSA-VQJX-886G-C3RV
Vulnerability from github – Published: 2024-03-05 18:31 – Updated: 2024-08-29 21:31A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
{
"affected": [],
"aliases": [
"CVE-2024-27563"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T17:15:06Z",
"severity": "MODERATE"
},
"details": "A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.",
"id": "GHSA-vqjx-886g-c3rv",
"modified": "2024-08-29T21:31:02Z",
"published": "2024-03-05T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27563"
},
{
"type": "WEB",
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VQP5-2MRP-QQXG
Vulnerability from github – Published: 2026-05-18 09:31 – Updated: 2026-06-01 15:29Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost Advisory ID: MMSA-2026-00582
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.5.0"
},
{
"fixed": "11.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0"
},
{
"fixed": "10.11.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20260325160634-e738016c5920"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.2-0.20260325160634-e738016c5920"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6333"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-01T15:29:47Z",
"nvd_published_at": "2026-05-18T09:16:23Z",
"severity": "LOW"
},
"details": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost Advisory ID: MMSA-2026-00582",
"id": "GHSA-vqp5-2mrp-qqxg",
"modified": "2026-06-01T15:29:47Z",
"published": "2026-05-18T09:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6333"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/e738016c592045e14bf926eafaeda6f8521def6d"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost doesn\u0027t validate the Host header when constructing response URLs for custom slash command"
}
GHSA-VQWH-5JHH-VC9P
Vulnerability from github – Published: 2025-08-21 09:30 – Updated: 2025-08-29 20:52Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.5.9"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250814075248-83a37a861d3c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47700"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-21T16:02:16Z",
"nvd_published_at": "2025-08-21T08:15:29Z",
"severity": "LOW"
},
"details": "Mattermost Server versions 10.5.x \u003c= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions",
"id": "GHSA-vqwh-5jhh-vc9p",
"modified": "2025-08-29T20:52:24Z",
"published": "2025-08-21T09:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47700"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Server SSRF Vulnerability via the Agents Plugin"
}
GHSA-VQX6-6J84-2794
Vulnerability from github – Published: 2026-06-16 21:31 – Updated: 2026-06-18 20:11Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-gxg4-2rrr-jhc7. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2026.5.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T20:11:21Z",
"nvd_published_at": "2026-06-16T19:17:03Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-gxg4-2rrr-jhc7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.",
"id": "GHSA-vqx6-6j84-2794",
"modified": "2026-06-18T20:11:21Z",
"published": "2026-06-16T21:31:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53859"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-hostname-validation-bypass-via-trailing-dot-inconsistency"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Hostname checks could treat trailing-dot hosts inconsistently",
"withdrawn": "2026-06-18T20:11:21Z"
}
GHSA-VR4X-W39V-5C7H
Vulnerability from github – Published: 2026-01-15 00:31 – Updated: 2026-01-15 00:31Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.
{
"affected": [],
"aliases": [
"CVE-2026-0600"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T23:15:56Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.",
"id": "GHSA-vr4x-w39v-5c7h",
"modified": "2026-01-15T00:31:38Z",
"published": "2026-01-15T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0600"
},
{
"type": "WEB",
"url": "https://support.sonatype.com/hc/en-us/articles/47928855816595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VR56-Q77C-X8PG
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2022-01-04 00:01VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
{
"affected": [],
"aliases": [
"CVE-2021-22056"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T21:15:00Z",
"severity": "HIGH"
},
"details": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.",
"id": "GHSA-vr56-q77c-x8pg",
"modified": "2022-01-04T00:01:27Z",
"published": "2021-12-21T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22056"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VR5G-MMX7-H897
Vulnerability from github – Published: 2026-04-09 17:36 – Updated: 2026-04-28 18:25Impact
Browser SSRF Policy Bypass via Interaction-Triggered Navigation.
Browser interactions could trigger navigations that bypassed the normal SSRF navigation checks.
OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.4.5 - Patched versions:
2026.4.8
Fix
The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
Verification
The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.
Credits
Thanks @ccreater222 and @KeenSecurityLab for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41912"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-09T17:36:48Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Impact\n\nBrowser SSRF Policy Bypass via Interaction-Triggered Navigation.\n\nBrowser interactions could trigger navigations that bypassed the normal SSRF navigation checks.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.4.5`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @ccreater222 and @KeenSecurityLab for reporting.",
"id": "GHSA-vr5g-mmx7-h897",
"modified": "2026-04-28T18:25:56Z",
"published": "2026-04-09T17:36:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.