CVE-2026-35629

HIGH

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.

CVSS v3.1 Score

7.4
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 4/9/2026Modified: 4/15/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-35629 — OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability i...

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.

CVE-2026-35629
NIST NVD

References (3)

https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acfPatchhttps://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2hVendor Advisoryhttps://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensionsThird Party Advisory