Nicky

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.20 **Description** An issue exists in browser CDP profile creation that allows for server-side request forgery (SSRF), a flaw where a server is tricked into making requests to an unintended location. This occurs because strict-mode SSRF policy checks are skipped, enabling attackers to create stored profiles pointing to metadata endpoints or private networks that bypass security policies. These profiles are subsequently probed during normal profile status operations. **Recommendations** Update to version 2026.4.20.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.28 **Description** An environment variable disclosure exists in the jq safe-bin policy. The policy fails to block the `$ENV` filter, allowing attackers to bypass safe-bin restrictions by using `$ENV` in jq programs to access sensitive environment variables that should be restricted. **Recommendations** Update to version 2026.3.28.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.28 **Description** An SSRF guard bypass exists due to the failure to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs that target internal or non-routable IPv6 addresses to bypass Server-Side Request Forgery (SSRF) protections. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. **Recommendations** Update to version 2026.3.28.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.5 **Description** A server-side request forgery (SSRF) issue exists in the CDP "/json/version" WebSocket endpoint. The `webSocketDebuggerUrl` response field is not properly validated, which allows attackers to redirect connections to arbitrary hosts and pivot to untrusted second-hop targets. **Recommendations** Update to version 2026.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.10 **Description** A server-side request forgery (SSRF) policy bypass exists in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the '/tabs/action' endpoint to perform unauthorized tab navigation operations, which weakens tab-level navigation protections. **Recommendations** Update to version 2026.4.10 or newer.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.8 **Description** An improper authorization issue exists where the 'node.pair.approve' method accepts the `operator.write` scope instead of the more restrictive `operator.pairing` scope. This allows users with `operator.write` permissions to bypass pairing approval restrictions and approve node pairing, potentially gaining unauthorized access to nodes capable of executing commands. **Recommendations** Update to version 2026.4.8. As a temporary workaround, restrict the use of the `operator.write` scope for unprivileged users to prevent unauthorized node pairing approval.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.8 **Description** A role bypass issue exists in the `device.token.rotate()` function. This flaw allows attackers to bypass device role-upgrade pairing, enabling the minting of tokens for unapproved roles and the preservation of roles and scopes that did not undergo the intended approval process. **Recommendations** Update to version 2026.4.8 or later. As a temporary workaround, restrict access to the `device.token.rotate()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.8 **Description** A security bypass exists in the `node.invoke(browser.proxy)` function that allows the mutation of persistent browser profiles. This flaw enables attackers to circumvent the `browser.request` persistent profile-mutation guard and modify browser configurations. **Recommendations** Update to version 2026.4.8 or later. As a temporary workaround, restrict access to the `node.invoke(browser.proxy)` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.28 **Description** An environment variable sanitization issue exists where `GIT TEMPLATE DIR` and `AWS CONFIG FILE` are not included in the host-env blocklist. This allows attackers to use approved exec requests to redirect git or AWS CLI behavior via attacker-controlled configuration files, leading to the execution of untrusted code or the loading of malicious credentials. **Recommendations** Update to version 2026.3.28.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS versions prior to 2.4.1 **Description** A Blind SQL Injection issue can lead to site database information disclosure and denial of service. The issue is related to the `rerank` array parameter. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rerank` array parameter to minimize the risk of exploitation.