{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-28476/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","openclaw","cve-2026-28476"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e package, a Node.js module, contains a Server-Side Request Forgery (SSRF) vulnerability in versions 2026.3.24 and earlier. This flaw stems from an incomplete fix for CVE-2026-28476, where several channel extensions continued to use raw \u003ccode\u003efetch()\u003c/code\u003e against configured base URLs without proper SSRF protection. This omission allows attackers to potentially manipulate configured endpoints to target blocked internal destinations, bypassing intended security measures. The vulnerability was identified and patched in version 2026.3.25 through commit \u003ccode\u003ef92c92515bd439a71bd03eb1bc969c1964f17acf\u003c/code\u003e, which routes outbound requests through \u003ccode\u003efetchWithSsrFGuard\u003c/code\u003e. Defenders should ensure they are running version 2026.3.25 or later.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an \u003ccode\u003eopenclaw\u003c/code\u003e instance running version 2026.3.24 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a channel extension that uses a configured base URL.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious configuration that redirects the base URL to an internal resource.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003efetch()\u003c/code\u003e function in the channel extension makes an HTTP request to the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003eThe request bypasses the SSRF guard due to the incomplete fix for CVE-2026-28476.\u003c/li\u003e\n\u003cli\u003eThe targeted internal resource processes the attacker\u0026rsquo;s request.\u003c/li\u003e\n\u003cli\u003eSensitive information from the internal resource is potentially exposed to the attacker.\u003c/li\u003e\n\u003cli\u003eAttacker exfiltrates the exposed information, completing the SSRF attack.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability could allow an attacker to gain unauthorized access to internal resources and sensitive information. The number of potential victims is dependent on the prevalence of vulnerable \u003ccode\u003eopenclaw\u003c/code\u003e instances. If successful, the attacker can read internal files, access internal services, or even potentially execute commands on internal systems, leading to data breaches or further compromise of the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eopenclaw\u003c/code\u003e package to version 2026.3.25 or later to incorporate the fix for CVE-2026-28476, as described in the overview.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of potential SSRF vulnerabilities by restricting access from the affected systems to sensitive internal resources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect OpenClaw SSRF Vulnerable Versions\u0026rdquo; to identify potentially vulnerable instances of the \u003ccode\u003eopenclaw\u003c/code\u003e package based on user-agent strings.\u003c/li\u003e\n\u003cli\u003eMonitor outbound network connections from \u003ccode\u003eopenclaw\u003c/code\u003e instances for connections to internal IP addresses or unexpected domains, which could indicate SSRF exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-29T15:49:23Z","date_published":"2026-03-29T15:49:23Z","id":"/briefs/2026-05-openclaw-ssrf/","summary":"OpenClaw versions 2026.3.24 and earlier are vulnerable to Server-Side Request Forgery (SSRF) because of unguarded configured base URLs in multiple channel extensions, allowing attackers to potentially access internal resources.","title":"OpenClaw SSRF Vulnerability via Unguarded Configured Base URLs","url":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-28476","version":"https://jsonfeed.org/version/1.1"}