Description
OpenClaw before 2026.4.8 contains a server-side request forgery (SSRF) vulnerability in its Playwright redirect handling that lets an attacker bypass the strict browser SSRF checks. The checks are enforced on the URL the browser is asked to load but not on the destinations reached through request-time navigation (server-side redirects), so an attacker who controls the first hop can redirect the browser onto private or internal targets that the browser SSRF protections are meant to block.
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
Affected: any version before 2026.4.8 (semver)
Fixed: 2026.4.8
Credits
smaeljaish771
KeenSecurityLab
References
github.com/...enclaw/security/advisories/GHSA-w8g9-x8gx-crmm (GitHub Security Advisory (GHSA-w8g9-x8gx-crmm))
github.com/...ommit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5 (Patch Commit)
www.vulncheck.com/...bypass-via-playwright-redirect-handling (VulnCheck Advisory: OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling)