OpenClaw Browser Control SSRF Bypass, CVE-2026-53812 (Medium) -DC-Jul2026-833


How CVE-2026-53812 Works

OpenClaw is a personal AI assistant that includes a browser control feature powered by Playwright, allowing authenticated users to automate browser interactions. To prevent Server-Side Request Forgery (SSRF) attacks, OpenClaw implements a private-network navigation policy that blocks direct navigation to private or loopback URLs (e.g., 127.0.0.1, 192.168.x.x).
CVE-2026-53812 arises from a logical flaw in how this policy is enforced. The core issue is that the SSRF check is performed before certain Playwright `act` interactions are executed. Some Playwright actions—such as clicking a link or submitting a form—can trigger a navigation to a new URL after the initial security check has already passed.
An attacker can exploit this by first directing the browser to an attacker-controlled page that passes the SSRF validation. This page then uses a Playwright `act` interaction (e.g., an automatic redirect or a user-action simulation) to navigate the browser tab to a private-network target. Because this navigation occurs after the initial policy check, the private-network guard is bypassed.
Once the browser is on the private-network page, the attacker can leverage OpenClaw’s browser evaluation capabilities—an intentional feature for trusted operators—to read the content of that page. This allows an authenticated attacker to exfiltrate sensitive information from internal services, such as metadata endpoints, internal dashboards, or configuration files, that should not be accessible from the outside. The vulnerability is classified as CWE-918: Server-Side Request Forgery (SSRF).

DailyCVE Form

Platform: OpenClaw
Version: < 2026.5.18
Vulnerability: SSRF Bypass
Severity: Medium (CVSS 4.9)
Date: 2026-06-11

Prediction: 2026-05-18

What Undercode Says

  • CVSS Score: 4.9 (Medium)
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
  • EPSS Score: Unavailable
  • CISA KEV: Not listed
  • Weakness: CWE-918 Server-Side Request Forgery (SSRF)

Exploit

An attacker with valid authentication can exploit this vulnerability by following these steps:
1. Craft a Malicious Page: Host a page on an attacker-controlled, publicly accessible server. This page is designed to automatically trigger a navigation to a private-network target using a Playwright `act` interaction, such as an HTTP redirect or a simulated click.
2. Initiate Browser Control: Using the OpenClaw API, instruct the browser to navigate to the attacker-controlled page. This initial request passes the SSRF policy check because the URL is public.
3. Trigger the Bypass: The Playwright `act` interaction on the malicious page executes, causing the browser to navigate to the private-network target (e.g., `http://169.254.169.254/latest/meta-data/`). This navigation is not subject to the SSRF check.
4. Exfiltrate Data: Use OpenClaw’s `browser.evaluate` capability to read the content of the private page and exfiltrate the data.

Protection

  • Upgrade: The primary mitigation is to upgrade to OpenClaw version `2026.5.18` or later, which patches this vulnerability.
  • Restrict Access: Before upgrading, restrict browser-control access to only trusted operators.
  • Network Segmentation: Implement network segmentation or firewall rules to block Playwright-initiated requests from accessing private-network resources.
  • Least Privilege: Enforce the principle of least privilege for authentication to limit the potential impact of compromised credentials.
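The ordering flaw described in "How CVE-2026-53812 Works" (policy checked once, before the first navigation, but not on the navigation an `act` interaction triggers) and the kind of enforcement that closes it, as an added example in JavaScript that is not OpenClaw's or Playwright's code: `FakePage` is this example's stand-in for a Playwright page (Playwright's real `framenavigated` event fires for every navigation, including those caused by clicks and redirects), and the address ranges in `isPrivateHost` are the example's own list.

```javascript
// Added example (not OpenClaw's code): a private-network guard that is re-applied
// on every navigation, instead of only once before the first goto().
const PRIVATE_V4 = [['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]];
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}
// Loopback, RFC 1918, link-local (where the cloud metadata range lives) and IPv6 equivalents.
function isPrivateHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase(); // URL.hostname keeps IPv6 brackets
  if (h === 'localhost' || h.endsWith('.localhost') || h === '::1') return true;
  if (/^fe[89ab][0-9a-f]:/.test(h) || /^f[cd][0-9a-f]{2}:/.test(h)) return true; // fe80::/10, fc00::/7
  if (h.startsWith('::ffff:')) return isPrivateHost(h.slice(7)); // IPv4-mapped IPv6
  const n = ipv4ToInt(h);
  if (n === null) return false; // a DNS name: real code must resolve it and re-check the answer
  return PRIVATE_V4.some(([net, bits]) => (n >>> (32 - bits)) === (ipv4ToInt(net) >>> (32 - bits)));
}
function assertAllowed(url) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') throw new Error(`blocked scheme: ${u.protocol}`);
  if (isPrivateHost(u.hostname)) throw new Error(`blocked private host: ${u.hostname}`);
}
// Stand-in for a Playwright page: goto() and act() both end in a navigation, which a real
// page reports via its 'framenavigated' event; evaluate() reads whatever page is current.
class FakePage {
  constructor() { this.url = 'about:blank'; this.closed = false; this.handlers = []; }
  on(event, fn) { if (event === 'framenavigated') this.handlers.push(fn); }
  navigate(url) { if (this.closed) throw new Error('page closed'); this.url = url; this.handlers.forEach(fn => fn(url)); }
  goto(url) { this.navigate(url); }
  act(landingUrl) { this.navigate(landingUrl); } // a click or redirect that lands somewhere else
  close() { this.closed = true; }
  evaluate() { if (this.closed) throw new Error('page closed'); return `content of ${this.url}`; }
}
// Flawed ordering from the advisory: checked once before goto(), so act()'s navigation is not.
function gotoOnlyGuard(page, startUrl, landingUrl) {
  assertAllowed(startUrl);
  page.goto(startUrl);
  page.act(landingUrl);
  return page.evaluate();
}
// Hardened: every navigation is checked, a violation closes the page, and the current URL is re-checked before evaluate().
function everyNavigationGuard(page, startUrl, landingUrl) {
  page.on('framenavigated', url => { try { assertAllowed(url); } catch (e) { page.close(); } });
  assertAllowed(startUrl);
  page.goto(startUrl);
  page.act(landingUrl);
  assertAllowed(page.url);
  return page.evaluate();
}
```

Hostnames that are not IP literals still have to be resolved and every resolved address checked, otherwise a DNS name that points at a private address passes the guard.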

Impact

  • Data Leakage: An authenticated attacker can read the content of internal web services, potentially exposing sensitive configuration, metadata, or internal application data.
  • Bypass of Security Controls: Along this attack path the private-network navigation guard is bypassed entirely, so the SSRF protection offers no defence against it.
  • No Authentication Bypass: The issue does not grant access to OpenClaw without authentication. An attacker must already have valid credentials.


Sources:

Reported By: github.com