Server-Side Request Forgery (SSRF) in OpenClaw - CVE-2026-26322

Published: May 4, 2026


Vulnerability identifier: #VU129475
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-26322
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to cause outbound WebSocket connections to user-specified targets.

The vulnerability exists due to server-side request forgery in the Gateway tool when it processes tool-supplied gatewayUrl overrides. A remote user can supply a crafted gatewayUrl value to make the gateway open outbound WebSocket connections to targets of the user's choosing.

In environments where the tool caller can observe the result of the connection attempt, this can be used for limited network reachability probing. If the target is reachable and speaks WebSocket, further interaction may be possible.


How to mitigate CVE-2026-26322

Install the security update from the vendor's website.

Sources