OpenClaw allows intrusion via IPv6 multicast addresses
GHSA-h97f-6pqj-q452
Summary
OpenClaw's SSRF IP classifier did not treat IPv6 multicast addresses (`ff00::/8`) as blocked, so requests to such literal hosts could pass its preflight checks and potentially reach internal resources. This issue is fixed in versions 2026.2.25 and later. Affected users should update to the latest version.
What to do
- Update openclaw to version 2026.2.25.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.24 | 2026.2.25 |
Original title
OpenClaw has an IPv6 multicast SSRF classifier bypass
Original description
### Summary
OpenClaw's SSRF IP classifier did not treat IPv6 multicast literals (`ff00::/8`) as blocked/private-internal. This allowed literal multicast hosts to pass SSRF preflight checks.
### Impact
A bypass in address classification existed for IPv6 multicast literals. OpenClaw's network fetch/navigation paths are constrained to HTTP/HTTPS and this was triaged as low-severity defense-in-depth hardening.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.24`
- Patched versions: `>= 2026.2.25`
### Technical Details
The IPv6 private/internal range set omitted `multicast`, so addresses like `ff02::1` and `ff05::1:3` were not classified as blocked by the shared SSRF classifier.
### Fix Commit(s)
- `baf656bc6fd7f83b6033e6dbc2548ec75028641f`
### Release Process Note
`patched_versions` is pre-set to the planned next npm release (`2026.2.25`). Once that release is published on npm, the advisory is published.
OpenClaw thanks @zpbrent for reporting.
CVSS 4.0 score (GHSA): 6.3
Vulnerability type: CWE-918 Server-Side Request Forgery (SSRF)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026