CVE-2026-43573

Summary

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.4.10affected
OpenClawOpenClaw2026.4.10unaffected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References