GHSA-4rqq-w8v4-7p47
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4rqq-w8v4-7p47
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-4rqq-w8v4-7p47/GHSA-4rqq-w8v4-7p47.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4rqq-w8v4-7p47
- Aliases
- Downstream
- Published
- 2026-03-04T19:03:45Z
- Modified
- 2026-05-05T15:56:08.344024Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard
- Details
-
Summary
isPrivateIpv4()in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, soweb_fetchcould allow targets that should be blocked by SSRF policy.Affected Packages / Versions
- Package:
openclaw(npm) - Latest published affected version:
2026.2.21-2(published 2026-02-21) - Structured vulnerable range:
<= 2026.2.21-2 - Planned patched version (pre-set):
>= 2026.2.22
Impact
Low severity. Exploitation requires network reachability to the relevant special-use ranges and a request path that reaches
web_fetchURL fetching.Technical Details
Affected releases used narrow IPv4 private-range checks that omitted multiple RFC special-use/non-global ranges. This allowed requests such as
http://198.18.0.1/...through SSRF validation in affected releases. Follow-up hardening consolidates local-host/tailnet range checks so gateway/browser/tailnet paths share one canonical IP classification flow.Fix Commit(s)
71bd15bb4294d3d1b54386064d69cd0f5f731bd844dfbd23df453e51b71ef79a148c28c53e89168c333fbb86347998526dd514290adfd5f727caa6d9f14ebd743cfc73f667fae80af70043d0ab1f88bd
OpenClaw thanks @princeeismond-dot for reporting.
- Package:
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-03-04T19:03:45Z", "cwe_ids": [ "CWE-918" ], "severity": "MODERATE", "nvd_published_at": "2026-03-19T22:16:35Z" }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47
- https://nvd.nist.gov/vuln/detail/CVE-2026-32019
- https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9
- https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c
- https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8
- https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw