OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 (which is 127.0.0.1). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard.
src/infra/net/ssrf.ts)openclaw (npm)<= 2026.2.13>= 2026.2.14 (planned next release)The SSRF guard's IP classification did not consistently detect private IPv4 addresses when they were embedded in IPv6 using full-form IPv4-mapped IPv6 notation. As a result, inputs like 0:0:0:0:0:ffff:7f00:1 could bypass loopback/private network blocking.
c0c0e0f9aecb913e738742f73e091f2f72d39a19This advisory is kept in draft state with the patched version set to the planned next release. Once [email protected] is published to npm, the only remaining step should be to publish this advisory.
Thanks @yueyueL for reporting.
| Score | Percentile |
|---|---|
| 0.02% | 3.64% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-jrvc-8ff5-2f9f ↗ |
| CVE | CVE-2026-26324 ↗ |
| CWE id | Name |
|---|---|
| CWE-918 | Server-Side Request Forgery (SSRF) |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | < 2026.2.14 | 2026.2.14 | — |