PT-2026-25446 · Npm · Openclaw
Published
2026-03-03
·
Updated
2026-03-03
CVSS v4.0
6.1
Medium
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N |
Summary
openclaw web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (HTTP PROXY/HTTPS PROXY/ALL PROXY, including lowercase variants).In affected builds, strict URL checks (for example
web fetch and citation redirect resolution) validated one destination during SSRF guard checks, but runtime connection routing could proceed through an env-proxy dispatcher.Affected Packages / Versions
- Package:
openclaw(npm) - Vulnerable version range:
<= 2026.3.1 - Latest published npm version at triage time (2026-03-02):
2026.3.1 - Patched versions:
>= 2026.3.2(released)
Technical Details
The SSRF guard performed hostname resolution and policy checks, then selected a request dispatcher.
When env proxy settings were present, strict web-tool flows could use
EnvHttpProxyAgent instead of the DNS-pinned dispatcher. This created a destination-binding gap between check-time resolution and connect-time routing.The fix keeps DNS pinning on strict/untrusted web-tool URL paths and limits env-proxy bypass behavior to trusted/operator-controlled endpoints via an explicit dangerous opt-in.
Impact
In deployments with env proxy variables configured, attacker-influenced URLs from web tools could be routed through proxy behavior instead of strict pinned-destination routing, which could allow access to internal/private targets reachable from that proxy environment.
Mitigations
Before upgrading, operators can reduce exposure by clearing proxy env vars for OpenClaw runtime processes or disabling
web fetch / web search where untrusted URL input is possible.Fix Commit(s)
345abf0b2e0f43b0f229e96f252ebf56f1e5549e
Fix
Time Of Check To Time Of Use
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw