SSRF Policy Bypass in OpenClaw by OpenClaw Technologies
CVE-2026-35673

5.9 MEDIUM

Key Information:

Vendor: Openclaw

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-35673?

OpenClaw versions prior to 2026.4.29 contain a policy bypass in the browser debug and export routes. The flaw gives attackers unauthorized access to blocked tabs, which they can reuse to export or inspect sensitive content that should remain protected, defeating the private-network security measures the policy is meant to enforce.

Affected Version(s)

OpenClaw 0 < 2026.4.29

OpenClaw 2026.4.29

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dikai Zou