CVE-2026-42430

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8

Description An issue in Playwright redirect handling allows attackers to bypass strict Server-Side Request Forgery (SSRF) checks. By exploiting request-time navigation, attackers can reach private targets that are intended to be restricted by browser SSRF protections. SSRF is a flaw where an attacker can force a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Recommendations Update to version 2026.4.8.