ГлавнаяУязвимости → CVE-2026-41912
7.6высокая

CVE-2026-41912

Описание

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

Затрагиваемое ПО
Openclaw Openclaw
CVSS
Балл7.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Источники
https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-policy-bypass-via-interaction-triggered-navigation