Listen to this Post
How the CVE Works
The incomplete fix for CVE-2026-28476 left several channel extensions in OpenClaw using raw `fetch()` against user‑configurable base URLs. Without the SSRF guard, an attacker can supply a malicious base URL that points to internal network endpoints (e.g., 169.254.169.254, localhost, internal APIs). When the extension processes a request, the server itself makes the HTTP call to that attacker‑controlled URL, allowing the attacker to read internal services, perform port scans, or access metadata endpoints. The initial fix introduced `fetchWithSsrFGuard` to block such requests, but it was not applied consistently across all channel extensions. Versions up to and including v2026.3.24 remain vulnerable, while commit `f92c92515bd439a71bd03eb1bc969c1964f17acf` routes all outbound requests through the guard, effectively closing the bypass. The vulnerability is triggered when an extension with a configured base URL receives a message or instruction that leads to an outgoing request, enabling SSRF without additional authentication requirements.
dailycve form
Platform: OpenClaw
Version: <=2026.3.24
Vulnerability: SSRF incomplete fix
Severity: High
date: 2026-03-29
Prediction: include expected Patch date. 2026-03-29
What Undercode Say:
Analytics
Check vulnerable version
git tag | grep v2026.3.24
Inspect the fix commit
git show f92c92515bd439a71bd03eb1bc969c1964f17acf
Grep for raw fetch usage in extensions
grep -r "fetch(" src/channels/ | grep -v "fetchWithSsrFGuard"
Exploit
POST /channel/webhook HTTP/1.1
Host: target.openclaw.local
Content-Type: application/json
{
"config": {
"baseUrl": "http://169.254.169.254/latest/meta-data/"
},
"message": "trigger request"
}
Protection from this CVE
Upgrade to the latest `main` build containing commit f92c925. If unable to upgrade, manually patch all channel extensions to replace raw `fetch()` calls with `fetchWithSsrFGuard()` and restart the service.
Impact
An attacker with control over the channel’s configuration (e.g., via API or message) can force the OpenClaw server to make arbitrary HTTP requests to internal networks, leading to data leakage, internal service discovery, and potential privilege escalation in cloud environments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

