CVE-2026-41361

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published Apr 23, 2026

Vendor unknown

Description

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m
https://www.vulncheck.com/advisories/openclaw-ssrf-guard-bypass-via-ipv6-special-use-ranges