OpenClaw Network Policy Bypass Vulnerability CVE-2026-62201
OpenClaw versions prior to 2026.6.6 contain a network policy bypass vulnerability, CVE-2026-62201, within its sandbox exec-server that allows lower-trust callers to send HTTP requests to internal network destinations, effectively bypassing configured security policies and leading to server-side request forgery (SSRF).
OpenClaw versions before 2026.6.6 are affected by a high-severity network policy bypass vulnerability, identified as CVE-2026-62201, with a CVSS v3.1 base score of 7.7. This flaw resides in the sandbox exec-server component, which is designed to process HTTP requests. However, due to this vulnerability, lower-trust callers or attackers can manipulate the exec-server to reach internal network destinations that should be restricted by OpenClaw's configured security policies. This effectively transforms the exec-server into an unauthorized proxy, enabling server-side request forgery (SSRF) and allowing attackers to access sensitive internal resources or conduct reconnaissance within the network. This vulnerability enables bypass of critical security controls and could lead to further compromise if exploited.
Attack Chain
- Vulnerability Identification: An attacker identifies an internet-accessible OpenClaw instance running a vulnerable version of the
exec-server(prior to 2026.6.6). - Request Crafting: The attacker crafts a malicious HTTP request that includes a target internal network destination (e.g., an internal IP address like
192.168.1.1or a sensitive internal hostname likeintranet.local) within its parameters, headers, or body. - Exploit Delivery: The crafted HTTP request is sent to the vulnerable OpenClaw
exec-serverendpoint. - Policy Bypass: Due to the
CVE-2026-62201vulnerability, theexec-serverprocesses the attacker's request but fails to correctly enforce configured network access control policies for the specified internal destination. - Internal Network Access: The
exec-serverthen acts as an unauthorized proxy, initiating an outbound connection to the attacker-specified internal network resource. - Information Disclosure/Further Access: The
exec-serverrelays the response from the internal resource back to the attacker, providing access to information or services that should have been restricted, potentially facilitating internal network reconnaissance or lateral movement.
Impact
Successful exploitation of CVE-2026-62201 allows attackers to bypass intended network security policies, granting unauthorized access to internal network resources. This can lead to sensitive data exposure, internal network mapping, and potentially serve as a stepping stone for further sophisticated attacks such as lateral movement, privilege escalation, or even remote code execution if the accessed internal services have their own vulnerabilities. While no specific victims or campaigns are detailed, any organization using vulnerable OpenClaw instances faces a significant risk of internal network compromise.
Recommendation
- Patch CVE-2026-62201 immediately by upgrading OpenClaw to version 2026.6.6 or later.
- Deploy the provided Sigma rule to your SIEM to detect suspicious HTTP requests targeting the
exec-serverwith internal network destinations. - Review web server access logs for any requests to paths related to
exec-servercontaining internal IP addresses or reserved network ranges in query parameters or request bodies, as indicated in the Sigma rule. - Implement strict network segmentation and egress filtering to prevent internal systems from communicating with unauthorized external or internal destinations, even if a proxy like the
exec-serveris compromised.
Detection coverage 1
Detects CVE-2026-62201 Exploitation - OpenClaw exec-server SSRF Attempt
highDetects CVE-2026-62201 exploitation - suspicious HTTP requests to OpenClaw's exec-server containing internal IP addresses or reserved network ranges in the URI query or stem, indicating a Server-Side Request Forgery (SSRF) attempt.
Detection queries are available on the platform. Get full rules →