CVE-2026-42430

CVSS v3.1

6.5

Medium

AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-42430

Affected Products

Openclaw

CVE-2026-42430

Weakness Enumeration

Related Identifiers

Affected Products

References · 5