GHSA-j4c5-89f5-f3pm: Server-Side Request Forgery via CDP Profile Configuration in OpenClaw
Vulnerability ID: GHSA-J4C5-89F5-F3PM
CVSS Score: Not Assigned
Published: 2026-04-25
OpenClaw versions prior to 2026.4.18 are vulnerable to a Server-Side Request Forgery (SSRF) flaw due to improper state merging. The application automatically extracted hostnames defined in Chrome DevTools Protocol (CDP) profile configurations and incorrectly appended them to the global SSRF navigation allowlist. This behavior allowed attackers or malicious configurations to authorize automated browser navigation to restricted internal networks and cloud metadata services.
TL;DR
A flaw in OpenClaw's configuration parsing merged backend CDP hostnames into the frontend browser navigation allowlist, enabling SSRF bypasses against restricted internal networks.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-918
- Attack Vector: Network
- Impact: SSRF/Bypass
- Severity: Low
- Exploit Status: Proof-of-Concept
- KEV Status: Not Listed
Affected Systems
- OpenClaw: < 2026.4.18 (Fixed in: 2026.4.18)
Code Analysis
- Commit 1fd049e: scope remote CDP host allowlist
- Commit e90c89c: auto-allowlist configured CDP hostnames in SSRF policy
Mitigation Strategies
- Upgrade to patched software version.
- Implement server-side input validation on profile creation configuration fields.
- Enforce network-level egress controls to restrict container outbound access to internal subnets.
Remediation Steps:
- Identify all OpenClaw instances running versions prior to 2026.4.18.
- Update the OpenClaw packages to version 2026.4.18.
- Review existing user profiles for any unauthorized internal IP addresses or hostnames in the cdpUrl parameter.
- Verify that the ssrfPolicy configuration enforces dangerouslyAllowPrivateNetwork: false.
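The profile review and policy check in the last two remediation steps, as an added audit script (example code, not OpenClaw's own). It assumes a config layout of `browser.profiles.<name>.cdpUrl` plus a top-level `ssrfPolicy` object, which is an assumption for illustration rather than OpenClaw's documented schema; it flags cdpUrl hosts that are loopback, private, link-local (the cloud metadata range) or known metadata hostnames, without resolving DNS so it runs offline.

```python
"""Audit a config for CDP profiles whose cdpUrl points at restricted
networks and confirm dangerouslyAllowPrivateNetwork is false.
The config layout is assumed for this example, not OpenClaw's schema."""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Hostnames treated as sensitive even though they are not IP literals (assumed list).
SENSITIVE_HOSTS = {"localhost", "metadata.google.internal"}


def classify_host(host: str) -> Optional[str]:
    """Return why a host is restricted, or None. Non-IP names are only matched
    against SENSITIVE_HOSTS; DNS is deliberately not consulted."""
    h = host.strip("[]").lower()
    if h in SENSITIVE_HOSTS:
        return f"sensitive hostname {h}"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return None  # a DNS name; would need resolution to judge
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address (cloud metadata range)"
    if ip.is_private:
        return "private-network address"
    return None


def audit_profiles(config: dict) -> list:
    """Collect findings for every profile cdpUrl and for the SSRF policy flag."""
    findings = []
    for name, profile in config.get("browser", {}).get("profiles", {}).items():
        url = profile.get("cdpUrl")
        if not url:
            continue
        host = urlsplit(url).hostname or ""
        reason = classify_host(host)
        if reason:
            findings.append(f"profile {name!r}: cdpUrl host {host} is a {reason}")
    policy = config.get("ssrfPolicy", {})
    if policy.get("dangerouslyAllowPrivateNetwork", False) is not False:
        findings.append("ssrfPolicy.dangerouslyAllowPrivateNetwork is not false")
    return findings


# Constructed sample config: two restricted targets, one legitimate remote CDP host.
SAMPLE_CONFIG = {
    "browser": {"profiles": {
        "default": {"cdpUrl": "ws://127.0.0.1:9222"},
        "cloud": {"cdpUrl": "http://169.254.169.254/"},
        "remote": {"cdpUrl": "wss://cdp.example.com:9222"},
    }},
    "ssrfPolicy": {"dangerouslyAllowPrivateNetwork": True},
}

if __name__ == "__main__":
    for line in audit_profiles(SAMPLE_CONFIG):
        print(line)
```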