CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-41912

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.4%

CVSS Severity

CVSS v3 Score 7.6

References

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5
https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897
https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-policy-bypass-via-interaction-triggered-navigation

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41912

Products

Pricing

Contact Us