CVE-2026-41912

CVSS v3.1

7.6

High

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-41912

Affected Products

Openclaw

CVE-2026-41912

Weakness Enumeration

Related Identifiers

Affected Products

References · 5