Attack Chain

1. An attacker identifies an OpenClaw instance running a version prior to 2026.4.10.
2. The attacker crafts a malicious request targeting an existing user session within the OpenClaw application.
3. The crafted request is designed to exploit the SSRF policy bypass in the browser interaction routes.
4. The vulnerable code fails to properly enforce SSRF navigation guards during browser interaction.
5. The attacker is able to bypass the intended SSRF protections and initiate requests to unauthorized internal or external targets.
6. The OpenClaw server processes the attacker-initiated request without proper validation.
7. The attacker interacts with or navigates to unauthorized targets, potentially gaining access to sensitive information or internal resources.
8. The attacker may leverage the compromised session to further escalate privileges or perform other malicious activities within the network.

Impact

Successful exploitation of CVE-2026-43573 allows attackers to bypass SSRF protections in OpenClaw, potentially leading to unauthorized access to sensitive data or internal resources. The impact depends on the specific configurations and network architecture of the affected OpenClaw deployment, but could include exposure of confidential information, disruption of services, or further compromise of internal systems.

Recommendation

• Upgrade OpenClaw to version 2026.4.10 or later to patch the SSRF policy bypass vulnerability (CVE-2026-43573).
• Deploy the Sigma rule “OpenClaw SSRF Attempt” to detect exploitation attempts targeting the vulnerable browser interaction routes.
• Review and harden existing session management policies in OpenClaw to prevent unauthorized session access.