GHSA-8cp7-rp8r-mg77

Suggest an improvement
Source
https://github.com/advisories/GHSA-8cp7-rp8r-mg77
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-8cp7-rp8r-mg77/GHSA-8cp7-rp8r-mg77.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8cp7-rp8r-mg77
Downstream
Published
2026-03-04T18:55:48Z
Modified
2026-03-04T19:04:48.938954Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP
Details

Summary

OpenClaw's SSRF hostname/IP guard did not detect ISATAP embedded IPv4 addresses (...:5efe:w.x.y.z). A crafted URL containing an ISATAP IPv6 literal could embed a private IPv4 target (for example loopback) and bypass private-address filtering in URL-fetching paths.

Severity Assessment

Rated medium: the bug weakens SSRF protections in URL fetch flows, but impact depends on reaching a URL-fetching path with attacker-controlled input and is generally constrained to internal network access attempts.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: >=2026.1.20 <=2026.2.17
  • Latest published at patch time: 2026.2.17
  • Patched release: 2026.2.19

Security Policy Context

Per SECURITY.md, OpenClaw's web/gateway surface is intended for local use by default, public internet exposure is out-of-scope, and prompt-injection reports are out-of-scope for bounty handling. This advisory tracks a core SSRF-guard bypass in fetch protections.

Impact

This can permit SSRF-style access attempts to internal/private network targets through URL ingestion/fetch paths that rely on shared hostname/IP blocking.

Fix

  • Added RFC 5214 ISATAP embedded-IPv4 detection to the shared SSRF classifier.
  • Centralized hostname/IP blocking through isBlockedHostnameOrIp and routed relevant validators to that shared path.
  • Added regression tests for ISATAP private vs public embedded IPv4 handling.

Fix Commit(s)

  • d51929ecb52fe65e90bf36795f4247feb29eb8aa

OpenClaw thanks @zpbrent for reporting.

Database specific 
{
    "github_reviewed_at": "2026-03-04T18:55:48Z",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

npm / openclaw

Package

Name
openclaw
View open source insights on deps.dev
Purl
pkg:npm/openclaw

Affected ranges

Type
SEMVER
Events
Introduced
2026.1.20
Fixed
2026.2.19

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-8cp7-rp8r-mg77/GHSA-8cp7-rp8r-mg77.json"