The optional Tlon (Urbit) extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery (SSRF) in affected deployments.

This only affects deployments that have installed and configured the Tlon (Urbit) extension, and where an attacker can influence the configured Urbit URL. Under those conditions, the gateway could be induced to make HTTP requests to attacker-chosen hosts (including internal addresses).

Deployments that do not use the Tlon extension, or where untrusted users cannot change the Urbit URL, are not impacted.

Urbit authentication now validates and normalizes the base URL and uses an SSRF guard that blocks private/internal hosts by default (opt-in: channels.tlon.allowPrivateNetwork).

This advisory is pre-populated with the planned patched version (2026.2.14). After openclaw@2026.2.14 is published to npm, publish this advisory without further edits.

Thanks @p80n-sec for reporting.