CVE-2026-41361

· NIST NVD ↗

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.

HIGH
CVSS severity
7.1
CVSS base score
2026-04-23
Published

CWE codes

CWE-184CWE-918

Affected products

openclaw:openclaw

Sources