OpenClaw, SSRF, CVE-2026-28476 (High)

Listen to this Post

How the CVE Works

The incomplete fix for CVE-2026-28476 left several channel extensions in OpenClaw using raw `fetch()` against user‑configurable base URLs. Without the SSRF guard, an attacker can supply a malicious base URL that points to internal network endpoints (e.g., 169.254.169.254, localhost, internal APIs). When the extension processes a request, the server itself makes the HTTP call to that attacker‑controlled URL, allowing the attacker to read internal services, perform port scans, or access metadata endpoints. The initial fix introduced `fetchWithSsrFGuard` to block such requests, but it was not applied consistently across all channel extensions. Versions up to and including v2026.3.24 remain vulnerable, while commit `f92c92515bd439a71bd03eb1bc969c1964f17acf` routes all outbound requests through the guard, effectively closing the bypass. The vulnerability is triggered when an extension with a configured base URL receives a message or instruction that leads to an outgoing request, enabling SSRF without additional authentication requirements.

dailycve form

Platform: OpenClaw
Version: <=2026.3.24
Vulnerability: SSRF incomplete fix
Severity: High
date: 2026-03-29

Prediction: include expected Patch date. 2026-03-29

What Undercode Say:

Analytics

Check vulnerable version
git tag | grep v2026.3.24
Inspect the fix commit
git show f92c92515bd439a71bd03eb1bc969c1964f17acf
Grep for raw fetch usage in extensions
grep -r "fetch(" src/channels/ | grep -v "fetchWithSsrFGuard"

Exploit

POST /channel/webhook HTTP/1.1
Host: target.openclaw.local
Content-Type: application/json
{
"config": {
"baseUrl": "http://169.254.169.254/latest/meta-data/"
},
"message": "trigger request"
}

Protection from this CVE

Upgrade to the latest `main` build containing commit f92c925. If unable to upgrade, manually patch all channel extensions to replace raw `fetch()` calls with `fetchWithSsrFGuard()` and restart the service.

Impact

An attacker with control over the channel’s configuration (e.g., via API or message) can force the OpenClaw server to make arbitrary HTTP requests to internal networks, leading to data leakage, internal service discovery, and potential privilege escalation in cloud environments.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top