OpenClaw extension allows attackers to control HTTP requests to internal hosts
CVE-2026-28476
GHSA-pg2v-8xwh-qhcc
Summary
OpenClaw's optional Tlon (Urbit) extension accepted a user-supplied base URL for authentication and used it to build an outbound HTTP request. An attacker who can change the configured Urbit URL can therefore make the gateway send requests to hosts of their choosing, including internal addresses (server-side request forgery). Only deployments that have installed and configured the Tlon extension and let untrusted users change that URL are affected. Version 2026.2.14 validates and normalizes the base URL and refuses private/internal hosts unless `channels.tlon.allowPrivateNetwork` is explicitly enabled.
What to do
- Update `openclaw` (npm, published by steipete) to version 2026.2.14.
- Deployments that do not use the Tlon (Urbit) extension, or where untrusted users cannot change the Urbit URL, are not affected.
- After upgrading, set `channels.tlon.allowPrivateNetwork` only if the Urbit ship the gateway talks to genuinely lives on a private network; it re-enables requests to internal hosts.
Affected software
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| steipete | openclaw (npm) | <= 2026.2.13 | 2026.2.14 |
Original title
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Original description
## Summary
The optional Tlon (Urbit) extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery (SSRF) in affected deployments.
## Impact
This only affects deployments that have installed and configured the Tlon (Urbit) extension, and where an attacker can influence the configured Urbit URL. Under those conditions, the gateway could be induced to make HTTP requests to attacker-chosen hosts (including internal addresses).
Deployments that do not use the Tlon extension, or where untrusted users cannot change the Urbit URL, are not impacted.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.13`
## Fixed Versions
- `2026.2.14` (planned next release)
## Fix Commit(s)
- `bfa7d21e997baa8e3437657d59b1e296815cc1b1`
## Details
Urbit authentication now validates and normalizes the base URL and uses an SSRF guard that blocks private/internal hosts by default (opt-in: `channels.tlon.allowPrivateNetwork`).
## Release Process Note
This advisory is pre-populated with the planned patched version (`2026.2.14`). After `[email protected]` is published to npm, publish this advisory without further edits.
Thanks @p80n-sec for reporting.
Severity
NVD CVSS 3.1: 8.3
NVD CVSS 4.0: 6.3
Vulnerability type
CWE-918: Server-Side Request Forgery (SSRF)
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14
- https://nvd.nist.gov/vuln/detail/CVE-2026-28476
- https://github.com/advisories/GHSA-pg2v-8xwh-qhcc
- https://github.com/openclaw/openclaw/commit/bfa7d21e997baa8e3437657d59b1e296815c...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-pg2v-8xwh-qhcc
- https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-tlo...
Published: 18 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026