PT-2026-31871 · Openclaw · Openclaw

Zast.Ai · Published 2026-04-10 · Updated 2026-04-10 · CVE-2026-6011

CVSS v3.1: 5.6 Medium (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Name of the Vulnerable Software and Affected Versions
OpenClaw versions through 2026.1.26

Description
A weakness exists in OpenClaw up to version 2026.1.26, in the assertPublicHostname handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to server-side request forgery. The attack can be executed remotely. It is characterized by high complexity, and exploitation is known to be difficult. The exploit has been made publicly available.

Recommendations
Upgrade the affected component to version 2026.1.29 or later, which includes the patch b623557a2ec7e271bda003eb3ac33fbb2e218505.

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers
CVE-2026-6011

Affected Products
Openclaw