CVE-2026-22181
DNS Pinning Bypass in OpenClaw Enables SSRF via Proxy Variables
Publication date: 2026-03-18
Last updated on: 2026-03-25
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.3.2 (2026.3.2 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22181 is a DNS pinning bypass in OpenClaw versions prior to 2026.3.2 that affects the strict URL fetch paths. When environment proxy variables such as HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY are set, an attacker-supplied URL is routed through the proxy rather than to the pinned destination, which circumvents the Server-Side Request Forgery (SSRF) protections.
The root cause is a time-of-check to time-of-use (TOCTOU) gap: the strict URL check resolves the hostname and applies the SSRF policy during guard validation, but at connection time the presence of proxy settings in the environment causes the request to use a proxy agent instead of the pinned address. The proxy performs its own resolution of the hostname, so the address that was validated is not the one actually connected to, and the request can reach internal or private network targets that are reachable from the proxy.
How can this vulnerability impact me?
This vulnerability can allow attackers to bypass SSRF protections and gain unauthorized access to internal or private network targets that are accessible through the proxy environment configured by the affected OpenClaw instance.
Such unauthorized access could lead to exposure of sensitive internal services or data, potentially compromising confidentiality and enabling further attacks within the internal network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting this vulnerability involves checking whether an OpenClaw version prior to 2026.3.2 is running and whether environment proxy variables such as HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY (including their lowercase variants) are set in its runtime environment.
You can inspect the environment variables of the OpenClaw processes to see whether any proxy variables are configured, which is the condition that enables the vulnerability.
- Use a command like `ps aux | grep openclaw` to identify running OpenClaw processes.
- Check the environment of each process with a command such as `cat /proc/<pid>/environ | tr '\0' '\n' | grep -i proxy`, replacing `<pid>` with the process ID.
- Verify the OpenClaw version by running `openclaw --version` or by checking the package version in your environment.
If these proxy environment variables are set and the OpenClaw version is vulnerable, the system is at risk of exploitation via this DNS pinning bypass. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation consists of unsetting the environment proxy variables (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, and their lowercase variants) in the OpenClaw runtime environment, so that no proxy agent can be selected in place of the pinned destination.
Alternatively, disabling the web_fetch and web_search features in OpenClaw when handling untrusted URLs reduces the attack surface until the software is updated.
The definitive fix is to upgrade OpenClaw to version 2026.3.2 or later, where DNS pinning is enforced on strict or untrusted web-tool URL paths and proxy routing is restricted to trusted endpoints via an explicit opt-in.