Server-side Request Forgery Vulnerability in OpenClaw by OpenClaw
CVE-2026-42430

4.8MEDIUM

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-42430?

OpenClaw before version 2026.4.8 is susceptible to a server-side request forgery vulnerability. This flaw arises from improper handling of Playwright redirection, which could enable attackers to bypass stringent SSRF safeguards. Exploitation of this vulnerability may permit unauthorized access to private resources that are otherwise protected by browser-based SSRF measures, posing significant security risks.

Affected Version(s)

OpenClaw 0 < 2026.4.8

OpenClaw 2026.4.8

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5f...

patch

https://www.vulncheck.com/advisories/openclaw-strict-brow...

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

smaeljaish771

KeenSecurityLab

CVE-2026-42430 Data

JSON

Openclaw

What is CVE-2026-42430?

Affected Version(s)

References

CVSS V4

Timeline

Credit