CVSS 3.1 base score: 7.5
OpenClaw SSRF Protection Can Be Bypassed with Certain IPv6 Addresses
CVE-2026-26324
GHSA-jrvc-8ff5-2f9f
Summary
OpenClaw's built-in SSRF guard, which is meant to block outbound requests to loopback, private-network and link-local (cloud metadata) addresses, can be bypassed with a full-form IPv4-mapped IPv6 literal such as `0:0:0:0:0:ffff:7f00:1` (the same address as `127.0.0.1`). An attacker who can influence the URLs OpenClaw fetches could use this to reach internal services or metadata endpoints that should be unreachable. Update to version 2026.2.14 or later, which contains the fix.
What to do
- Update the `openclaw` npm package (steipete/openclaw) to version 2026.2.14 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.13 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.13 | 2026.2.14 |
Original title
OpenClaw has an SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
Original description
### Summary
OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard.
- Vulnerable component: SSRF guard (`src/infra/net/ssrf.ts`)
- Issue type: SSRF protection bypass
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Vulnerable: `<= 2026.2.13`
- Patched: `>= 2026.2.14` (planned next release)
### Details
The SSRF guard's IP classification did not consistently detect private IPv4 addresses when they were embedded in IPv6 using full-form IPv4-mapped IPv6 notation. As a result, inputs like `0:0:0:0:0:ffff:7f00:1` could bypass loopback/private network blocking.
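The check below is an added example written for this page; it is not OpenClaw's `src/infra/net/ssrf.ts` and does not reproduce the project's code. It shows the fix the advisory describes in general form: parse the IP literal into its eight 16-bit groups first, then detect the IPv4-mapped prefix (`0:0:0:0:0:ffff:` / `::ffff:`) on the parsed groups rather than on the string, so `0:0:0:0:0:ffff:7f00:1`, `::ffff:7f00:1`, `::ffff:127.0.0.1` and `127.0.0.1` all classify as loopback. It goes beyond the advisory's single case: it also unmaps the deprecated IPv4-compatible form (`::a.b.c.d`), covers IPv6 loopback, link-local and ULA ranges, and rejects dotted-quad octets with leading zeros (which some resolvers read as octal). The function names (`classifyIp`, `isBlockedAddress`, `naiveIsBlocked`) and the blocked-range list are this example's assumptions; `naiveIsBlocked` is a sketch of the bug class, not the vulnerable OpenClaw code.

```typescript
// Added example (not OpenClaw's own ssrf.ts): classify an IP literal after canonicalising
// IPv4-mapped IPv6 forms, so "0:0:0:0:0:ffff:7f00:1", "::ffff:127.0.0.1" and "127.0.0.1"
// all land in the same bucket. Range list and function names are this example's assumptions.

type IpClass = "loopback" | "private" | "link-local" | "unspecified" | "public" | "invalid";

/** Dotted-quad IPv4 literal -> four octets, or null if malformed or ambiguous. */
function parseIPv4(s: string): number[] | null {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  const octets: number[] = [];
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    if (p.length > 1 && p[0] === "0") return null; // "0177" is octal to some resolvers: refuse
    octets.push(Number(p));
  }
  return octets;
}

/** IPv6 literal -> eight 16-bit groups. Expands "::" and an embedded dotted-quad tail. */
function parseIPv6(s: string): number[] | null {
  let text = s;
  if (text.includes("%")) return null; // zone ids ("fe80::1%eth0") are not addresses
  const lastColon = text.lastIndexOf(":");
  if (lastColon !== -1 && text.slice(lastColon + 1).includes(".")) {
    const v4 = parseIPv4(text.slice(lastColon + 1)); // "::ffff:127.0.0.1" style tail
    if (!v4) return null;
    const hi = ((v4[0] << 8) | v4[1]).toString(16);
    const lo = ((v4[2] << 8) | v4[3]).toString(16);
    text = text.slice(0, lastColon + 1) + hi + ":" + lo; // now uniform hex groups
  }
  const halves = text.split("::");
  if (halves.length > 2) return null; // at most one "::"
  const toGroups = (part: string): number[] | null => {
    if (part === "") return [];
    const out: number[] = [];
    for (const g of part.split(":")) {
      if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
      out.push(parseInt(g, 16));
    }
    return out;
  };
  const head = toGroups(halves[0]);
  const tail = halves.length === 2 ? toGroups(halves[1]) : [];
  if (head === null || tail === null) return null;
  if (halves.length === 1) return head.length === 8 ? head : null; // full form, no "::"
  const missing = 8 - head.length - tail.length;
  if (missing < 1) return null;
  return [...head, ...new Array<number>(missing).fill(0), ...tail];
}

function classifyIPv4(o: number[]): IpClass {
  if (o[0] === 0) return "unspecified";                            // 0.0.0.0/8
  if (o[0] === 127) return "loopback";                             // 127.0.0.0/8
  if (o[0] === 169 && o[1] === 254) return "link-local";           // 169.254.0.0/16 (metadata)
  if (o[0] === 10) return "private";                               // 10.0.0.0/8
  if (o[0] === 172 && o[1] >= 16 && o[1] <= 31) return "private";  // 172.16.0.0/12
  if (o[0] === 192 && o[1] === 168) return "private";              // 192.168.0.0/16
  if (o[0] === 100 && o[1] >= 64 && o[1] <= 127) return "private"; // 100.64.0.0/10 (CGNAT)
  return "public";
}

/** Classify an IPv4 or IPv6 literal; square brackets from a URL host are tolerated. */
function classifyIp(ip: string): IpClass {
  const s = ip.replace(/^\[|\]$/g, "").trim();
  const v4 = parseIPv4(s);
  if (v4) return classifyIPv4(v4);
  const g = parseIPv6(s);
  if (!g) return "invalid";
  const embedded = () => classifyIPv4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff]);
  const leadingZero = g.slice(0, 5).every((x) => x === 0);
  // IPv4-mapped ::ffff:a.b.c.d in any spelling: judge the embedded IPv4, never the IPv6 shell
  if (leadingZero && g[5] === 0xffff) return embedded();
  if (leadingZero && g[5] === 0) {
    if (g[6] === 0 && g[7] === 0) return "unspecified"; // ::
    if (g[6] === 0 && g[7] === 1) return "loopback";    // ::1
    return embedded(); // deprecated IPv4-compatible ::a.b.c.d, treated conservatively
  }
  if ((g[0] & 0xffc0) === 0xfe80) return "link-local"; // fe80::/10
  if ((g[0] & 0xfe00) === 0xfc00) return "private";    // fc00::/7 (ULA)
  return "public";
}

/** Deny-by-default guard: anything that is not plainly public (or is unparseable) is refused. */
function isBlockedAddress(ip: string): boolean {
  return classifyIp(ip) !== "public";
}

/** Sketch of the bug class (not OpenClaw's code): only the "::ffff:" + dotted spelling is
 *  unmapped, so the full-form hex spelling of the same address is treated as plain IPv6 and passes. */
function naiveIsBlocked(ip: string): boolean {
  const s = ip.toLowerCase();
  const dotted = s.startsWith("::ffff:") ? s.slice(7) : s;
  const v4 = parseIPv4(dotted);
  if (v4) return classifyIPv4(v4) !== "public";
  return s === "::1"; // every other IPv6 literal is assumed public: the bypass
}
```

With this shape, `naiveIsBlocked("0:0:0:0:0:ffff:7f00:1")` returns `false` while `isBlockedAddress` returns `true` for the same input, which is the difference the advisory describes. Whatever classifier is used, apply it to every address a hostname actually resolves to and to each redirect target, not only to literals typed in the original URL; string-level checks on the hostname alone are the pattern that produced this bypass.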
### Fix Commit(s)
- `c0c0e0f9aecb913e738742f73e091f2f72d39a19`
### Release Process Note
This advisory is kept in draft state with the patched version set to the planned next release. Once `openclaw@2026.2.14` is published to npm, the only remaining step should be to publish this advisory.
Thanks @yueyueL for reporting.
NVD CVSS 3.1 base score: 7.5
Vulnerability type: CWE-918 Server-Side Request Forgery (SSRF)
- https://nvd.nist.gov/vuln/detail/CVE-2026-26324
- https://github.com/advisories/GHSA-jrvc-8ff5-2f9f
- https://github.com/openclaw/openclaw/commit/c0c0e0f9aecb913e738742f73e091f2f72d3... Patch
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 Product Release Notes
- https://github.com/openclaw/openclaw/security/advisories/GHSA-jrvc-8ff5-2f9f Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026