Skip to content
Threat Feed
high advisory

OpenClaw Network Policy Bypass Vulnerability CVE-2026-62201

OpenClaw versions prior to 2026.6.6 contain a network policy bypass vulnerability, CVE-2026-62201, within its sandbox exec-server that allows lower-trust callers to send HTTP requests to internal network destinations, effectively bypassing configured security policies and leading to server-side request forgery (SSRF).

OpenClaw versions before 2026.6.6 are affected by a high-severity network policy bypass vulnerability, identified as CVE-2026-62201, with a CVSS v3.1 base score of 7.7. This flaw resides in the sandbox exec-server component, which is designed to process HTTP requests. However, due to this vulnerability, lower-trust callers or attackers can manipulate the exec-server to reach internal network destinations that should be restricted by OpenClaw's configured security policies. This effectively transforms the exec-server into an unauthorized proxy, enabling server-side request forgery (SSRF) and allowing attackers to access sensitive internal resources or conduct reconnaissance within the network. This vulnerability enables bypass of critical security controls and could lead to further compromise if exploited.

Attack Chain

  1. Vulnerability Identification: An attacker identifies an internet-accessible OpenClaw instance running a vulnerable version of the exec-server (prior to 2026.6.6).
  2. Request Crafting: The attacker crafts a malicious HTTP request that includes a target internal network destination (e.g., an internal IP address like 192.168.1.1 or a sensitive internal hostname like intranet.local) within its parameters, headers, or body.
  3. Exploit Delivery: The crafted HTTP request is sent to the vulnerable OpenClaw exec-server endpoint.
  4. Policy Bypass: Due to the CVE-2026-62201 vulnerability, the exec-server processes the attacker's request but fails to correctly enforce configured network access control policies for the specified internal destination.
  5. Internal Network Access: The exec-server then acts as an unauthorized proxy, initiating an outbound connection to the attacker-specified internal network resource.
  6. Information Disclosure/Further Access: The exec-server relays the response from the internal resource back to the attacker, providing access to information or services that should have been restricted, potentially facilitating internal network reconnaissance or lateral movement.

Impact

Successful exploitation of CVE-2026-62201 allows attackers to bypass intended network security policies, granting unauthorized access to internal network resources. This can lead to sensitive data exposure, internal network mapping, and potentially serve as a stepping stone for further sophisticated attacks such as lateral movement, privilege escalation, or even remote code execution if the accessed internal services have their own vulnerabilities. While no specific victims or campaigns are detailed, any organization using vulnerable OpenClaw instances faces a significant risk of internal network compromise.

Recommendation

  • Patch CVE-2026-62201 immediately by upgrading OpenClaw to version 2026.6.6 or later.
  • Deploy the provided Sigma rule to your SIEM to detect suspicious HTTP requests targeting the exec-server with internal network destinations.
  • Review web server access logs for any requests to paths related to exec-server containing internal IP addresses or reserved network ranges in query parameters or request bodies, as indicated in the Sigma rule.
  • Implement strict network segmentation and egress filtering to prevent internal systems from communicating with unauthorized external or internal destinations, even if a proxy like the exec-server is compromised.

Detection coverage 1

Detects CVE-2026-62201 Exploitation - OpenClaw exec-server SSRF Attempt

high

Detects CVE-2026-62201 exploitation - suspicious HTTP requests to OpenClaw's exec-server containing internal IP addresses or reserved network ranges in the URI query or stem, indicating a Server-Side Request Forgery (SSRF) attempt.

sigma tactics: defense_evasion, initial_access techniques: T1090.003, T1190 sources: webserver

Detection queries are available on the platform. Get full rules →