CVE-2026-26324

EPSS 0.02%
Veröffentlicht 19.02.2026 22:49:24
Zuletzt bearbeitet 23.02.2026 18:13:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard. Version 2026.2.14 patches the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenClaw ≫ OpenClaw SwPlatformnode.js Version < 2026.2.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/openclaw/openclaw/releases/tag/v2026.2.14

Product

Release Notes

https://github.com/openclaw/openclaw/security/advisories/GHSA-jrvc-8ff5-2f9f

Vendor Advisory

https://github.com/openclaw/openclaw/commit/c0c0e0f9aecb913e738742f73e091f2f72d39a19

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-26324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26324

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26324