CVE-2026-32019
🟡 Monitor
Incomplete validation of IPv4 special-use ranges in OpenClaw lets an attacker bypass the SSRF policy and reach addresses that should be blocked.
CVSS
7.4
EPSS
0.0%
Exploit
none
Vendor
openclaw
Source description (NVD)
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch functionality to access blocked addresses such as 198.18.0.0/15 and other non-global ranges.
ssrf
No patch recorded by this tracker (the NVD description names 2026.2.22 as the first fixed version, and the references below link the commits tagged [Patch])
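The NVD text above names one block that slipped through, 198.18.0.0/15, and describes the root cause as an incomplete list. The TypeScript below is an added example, not OpenClaw's isPrivateIpv4() or its patch: it puts a hypothetical five-entry "private only" list (a stand-in for the kind of check the advisory calls incomplete) next to a guard built from the IANA IPv4 Special-Purpose Address Registry, and reports which addresses the short list would let through. The function names, the PRIVATE_ONLY stand-in, the strict parser and the SAMPLE addresses are all assumptions made for this example.

```typescript
// Added example (not OpenClaw's code): an SSRF guard that decides IPv4 reachability from
// the full IANA special-purpose registry instead of a short "private" list.

type Cidr = { base: number; bits: number };

/** Strict dotted-quad parser. Exactly four decimal octets, 0-255, no leading zeros, so
 *  shorthand or ambiguous literals ("127.1", "0177.0.0.1") are rejected instead of guessed.
 *  That strictness is a general hardening choice; the advisory is only about missing ranges. */
export function parseIpv4(text: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  let value = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = m[i];
    if (octet.length > 1 && octet[0] === "0") return null;
    const n = Number(octet);
    if (n > 255) return null;
    value = value * 256 + n;
  }
  return value >>> 0; // unsigned 32-bit representation
}

function cidr(text: string): Cidr {
  const [ip, prefix] = text.split("/");
  const base = parseIpv4(ip);
  const bits = Number(prefix);
  if (base === null || !(bits >= 0 && bits <= 32)) throw new Error(`bad CIDR: ${text}`);
  return { base, bits };
}

function inCidr(addr: number, c: Cidr): boolean {
  if (c.bits === 0) return true;
  const mask = (0xffffffff << (32 - c.bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((c.base & mask) >>> 0);
}

/** Hypothetical "private only" list: the shape of check the advisory describes as incomplete.
 *  It is a stand-in for illustration, not the actual OpenClaw isPrivateIpv4() body. */
const PRIVATE_ONLY: Cidr[] = [
  "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
].map(cidr);

/** IPv4 blocks the IANA Special-Purpose Address Registry marks as not globally reachable. */
const NON_GLOBAL: Cidr[] = [
  "0.0.0.0/8",          // "this network" (RFC 1122)
  "10.0.0.0/8",         // private (RFC 1918)
  "100.64.0.0/10",      // shared address space / CGNAT (RFC 6598)
  "127.0.0.0/8",        // loopback (RFC 1122)
  "169.254.0.0/16",     // link-local (RFC 3927)
  "172.16.0.0/12",      // private (RFC 1918)
  "192.0.0.0/24",       // IETF protocol assignments (RFC 6890)
  "192.0.2.0/24",       // TEST-NET-1 (RFC 5737)
  "192.88.99.0/24",     // former 6to4 relay anycast (RFC 7526)
  "192.168.0.0/16",     // private (RFC 1918)
  "198.18.0.0/15",      // benchmarking (RFC 2544), the range named in the advisory
  "198.51.100.0/24",    // TEST-NET-2 (RFC 5737)
  "203.0.113.0/24",     // TEST-NET-3 (RFC 5737)
  "224.0.0.0/4",        // multicast (RFC 5771)
  "240.0.0.0/4",        // reserved (RFC 1112)
  "255.255.255.255/32", // limited broadcast (RFC 919)
].map(cidr);

/** What the hypothetical short list would block. */
export function matchesPrivateOnly(text: string): boolean {
  const addr = parseIpv4(text);
  if (addr === null) return false;
  return PRIVATE_ONLY.some((c) => inCidr(addr, c));
}

/** Fail-closed verdict for a resolved address: anything unparseable or non-global is blocked. */
export function ssrfVerdict(text: string): "invalid" | "blocked" | "allowed" {
  const addr = parseIpv4(text);
  if (addr === null) return "invalid";
  return NON_GLOBAL.some((c) => inCidr(addr, c)) ? "blocked" : "allowed";
}

/** Addresses the short list lets through but the registry-based guard blocks. */
export function escapesPrivateOnly(candidates: string[]): string[] {
  return candidates.filter((ip) => !matchesPrivateOnly(ip) && ssrfVerdict(ip) === "blocked");
}

// Constructed sample of candidate targets, as a fetch tool might see them after DNS resolution.
const SAMPLE = ["93.184.216.34", "10.1.2.3", "198.18.0.10", "100.64.3.4", "192.0.0.9", "240.1.2.3", "0.0.0.0", "127.1"];
console.log(escapesPrivateOnly(SAMPLE)); // ["198.18.0.10", "100.64.3.4", "192.0.0.9", "240.1.2.3", "0.0.0.0"]
```

The table is the point: a guard that enumerates "private" ranges from memory will miss benchmarking, shared address space, IETF assignments, TEST-NETs, multicast and the class E block, each of which can be routed somewhere inside a network. Two general caveats that the advisory does not cover but a practitioner would apply alongside this check: run the verdict on the address actually being connected to (after every DNS resolution and after each redirect), and give IPv6 and IPv4-mapped IPv6 literals the same treatment, since an IPv4-only guard is trivially sidestepped otherwise.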
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.4 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.0% |
| Published (NVD) | 2026-03-19 22:16:35 UTC |
| Last modified (NVD) | 2026-04-20 13:51:07 UTC |
References
- https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9 (disclosure@vulncheck.com) [Patch]
- https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c (disclosure@vulncheck.com) [Patch]
- https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8 (disclosure@vulncheck.com) [Patch]
- https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd (disclosure@vulncheck.com) [Patch]
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47 (disclosure@vulncheck.com) [Vendor Advisory]
- https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard (disclosure@vulncheck.com) [Third Party Advisory]