CVE-2026-62227

Summary

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw2026.4.14 < 2026.5.26affected
OpenClawOpenClaw2026.5.26unaffected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF)

References