PT-2026-32069 · Npm · Openclaw
Publicado
2026-03-31
·
Atualizado
2026-03-31
CVSS v3.1
3.1
Baixa
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Summary
The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed.
Impact
An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard.
Affected Component
src/shared/net/ip.ts, src/infra/net/ssrf.*Fixed Versions
- Affected:
<= 2026.3.24 - Patched:
>= 2026.3.28 - Latest stable
2026.3.28contains the fix.
Fix
Fixed by commit
d61f8e5672 (Net: block missing IPv6 special-use ranges).OpenClaw thanks @nicky-cc of Tencent zhuque Lab https://github.com/Tencent/AI-Infra-Guard for reporting.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw