Browser profile creation normalized cdpUrl values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.

Default trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.

OpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.

Fix commits:

Fixed in OpenClaw 2026.4.20.