CVE-2026-27488.yaml
info:
  name: OpenClaw
  cve: CVE-2026-27488
  summary: OpenClaw Harden cron webhook delivery against SSRF
  details: >-
    Affected Packages / Versions


    - openclaw npm package versions <= 2026.2.17.


    Vulnerability

    Cron webhook delivery in src/gateway/server-cron.ts used fetch() directly, so webhook targets could reach private/metadata/internal
    endpoints without SSRF policy checks.
  cvss: ''
  severity: MEDIUM
  security_advise: Upgrade openclaw to 2026.2.18 or later. Commit(s) - 99db4d13e - 35851cdaf
  references:
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp
rule: version <= "2026.2.17"
references:
- https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp