← Back

CVE-2026-28467

nvd nist
Published: Mar 5, 2026Modified: Mar 9, 2026

JSON object

Loading...
6.3
Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTP(S) URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can trigger SSRF to internal resources and exfiltrate fetched response bytes as outbound attachments.

Affected (1)

Products: Openclaw: Openclaw
Openclaw
1 product
Openclaw
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openclaw
Before 2026.2.2

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
ExploitVendor Advisory
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.