CVE-2026-27488
SSRF Vulnerability in OpenClaw Cron Webhook Delivery
Publication date: 2026-02-21
Last updated on: 2026-02-23
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to and including 2026.2.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27488 is a vulnerability in the OpenClaw personal AI assistant affecting versions 2026.2.17 and below. The issue arises because the cron webhook delivery mechanism uses the fetch() function directly without enforcing Server-Side Request Forgery (SSRF) policy checks. This flaw allows webhook targets to access internal, private, or metadata endpoints that should normally be protected from external access.
The vulnerability was fixed in version 2026.2.18 by introducing SSRF protections that block outbound HTTP requests targeting private or internal IP addresses, preventing unauthorized internal network access.
How can this vulnerability impact me?
This vulnerability can allow an attacker controlling a webhook target to make the OpenClaw system send requests to internal or private network endpoints that should be inaccessible. This can lead to unauthorized access to sensitive internal services or metadata endpoints, potentially exposing confidential information or enabling further attacks within the internal network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the cron webhook delivery in OpenClaw versions up to 2026.2.17 using fetch() directly without SSRF checks, allowing access to private/internal endpoints.
To detect this vulnerability on your system, you can check the version of the OpenClaw package installed. If it is version 2026.2.17 or below, it is vulnerable.
Additionally, you can monitor network traffic for webhook POST requests originating from the cron jobs targeting internal or private IP addresses, which should normally be blocked.
Suggested commands include:
- Check OpenClaw version installed (example for npm package): `npm list openclaw` or `npm ls openclaw`
- Monitor outgoing webhook requests from the server, for example using tcpdump or similar tools to detect requests to private IP ranges: `sudo tcpdump -i any dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16`
- Review application logs for webhook delivery attempts to internal endpoints or errors related to webhook delivery.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the OpenClaw package to version 2026.2.18 or later, where the vulnerability is fixed by introducing SSRF protections in the cron webhook delivery mechanism.
This fix replaces the direct fetch() call with a guarded fetch function that blocks requests to private or internal IP addresses, preventing unauthorized access.
If upgrading immediately is not possible, consider implementing network-level controls such as firewall rules to block outgoing HTTP requests from the OpenClaw cron jobs to private/internal IP ranges.
Also, review and monitor webhook delivery logs to detect and respond to any suspicious webhook requests targeting internal endpoints.