Input validation error in OpenClaw - #VU126440
Published: April 17, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote attacker to perform server-side request forgery.
The vulnerability exists due to improper input validation in the browser hostname validation logic when processing hostname navigation under a restrictive policy. A remote attacker can use DNS rebinding to bypass the hostname/IP resolution checks and perform server-side request forgery.
The issue occurs because the validated hostname or IP resolution can differ from the address ultimately used by Chromium.
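The gap between the address that was validated and the address that is used can be shown with a small model. This is an added example, not OpenClaw or Chromium code. All function names are hypothetical, the resolver is a constructed synchronous stub, and only IPv4 is handled.

```javascript
// Added illustration; every name here is hypothetical. IPv4 only.
const BLOCKED = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error(`not IPv4: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`not IPv4: ${ip}`);
    return acc * 256 + Number(p);
  }, 0);
}

function isBlocked(ip) {
  const addr = ipv4ToInt(ip);
  return BLOCKED.some(([net, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the block
    return Math.floor(addr / size) === Math.floor(ipv4ToInt(net) / size);
  });
}

// Constructed stub for a short-TTL DNS name: each lookup returns the next answer.
function makeRebindingResolver(answers) {
  let i = 0;
  return () => [answers[Math.min(i++, answers.length - 1)]];
}

// Check-then-use: the policy check and the connection each do their own lookup.
function checkThenUse(host, resolve) {
  if (resolve(host).some(isBlocked)) return { allowed: false };
  const used = resolve(host); // second lookup, as a separate network stack would do
  return { allowed: true, connectTo: used[0] };
}

// Pinned: resolve once, reject if any answer is blocked, hand the vetted
// address to the connection so no further lookup takes place.
function resolveAndPin(host, resolve) {
  const addrs = resolve(host);
  if (addrs.length === 0 || addrs.some(isBlocked)) return { allowed: false };
  return { allowed: true, connectTo: addrs[0], hostHeader: host };
}
```

The pin only helps if the component that opens the connection uses the vetted address instead of resolving the name again.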