PT-2026-34792 · Openclaw · Openclaw

Nicky · Published 2026-04-23 · Updated 2026-04-25 · CVE-2026-41361

CVSS v3.1: 7.1 High

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.28

Description
An SSRF guard bypass exists due to the failure to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs that target internal or non-routable IPv6 addresses to bypass Server-Side Request Forgery (SSRF) protections. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location.

Recommendations
Update to version 2026.3.28.
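
The weakness class described above (an incomplete deny list in an SSRF guard), shown as an added example that is not OpenClaw's code or its fix. The advisory does not name the four missed ranges, so the ranges, the `NARROW_DENY`/`WIDE_DENY` lists, the function names and the sample URLs are all assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Constructed "before" deny list: only the commonly remembered IPv6 ranges.
NARROW_DENY = _nets("::1/128", "fc00::/7", "fe80::/10")

# Wider list drawn from IANA's IPv6 special-purpose registry. Assumption: the
# advisory does not name the four ranges OpenClaw missed; these are illustrative.
WIDE_DENY = NARROW_DENY + _nets(
    "::/128",          # unspecified
    "::ffff:0:0/96",   # IPv4-mapped
    "64:ff9b::/96",    # NAT64 well-known prefix, embeds an IPv4 address
    "64:ff9b:1::/48",  # local-use NAT64
    "100::/64",        # discard-only
    "2001::/32",       # Teredo
    "2001:db8::/32",   # documentation
    "2002::/16",       # 6to4, embeds an IPv4 address
    "ff00::/8",        # multicast
)

# Constructed sample URLs (embedded IPv4 is 192.0.2.1 from TEST-NET-1).
SAMPLES = [
    "http://[::1]/",
    "http://[fd00::10]/",
    "http://[64:ff9b::c000:201]/",
    "http://[2002:c000:201::1]/",
    "http://[2606:4700:4700::1111]/",  # global unicast, should pass
]

def ipv6_target_allowed(url, deny):
    """True only if the URL host is an IPv6 literal outside every deny range.

    Fails closed for anything else: hostnames have to be resolved and each
    resolved address checked, which this offline sketch does not do.
    """
    try:
        addr = ipaddress.IPv6Address(urlsplit(url).hostname)
    except ValueError:
        return False
    return not any(addr in net for net in deny)

def passed(deny):
    """Sample URLs the guard would let through with the given deny list."""
    return [u for u in SAMPLES if ipv6_target_allowed(u, deny)]
```

Comparing `passed(NARROW_DENY)` with `passed(WIDE_DENY)` on a guard's own test corpus shows which special-use ranges its list does not cover.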

Fix

Weakness Enumeration: Incomplete List of Disallowed Inputs, SSRF

Related Identifiers: CVE-2026-41361

Affected Products: Openclaw