CVE-2026-35673
Analyzed Analyzed - Analysis Complete
SSRF Policy Bypass in OpenClaw via Debug and Export Routes

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should remain protected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-35673
EUVD
EUVD-2026-33336
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.29 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-35673 is a Server-Side Request Forgery (SSRF) policy bypass vulnerability found in OpenClaw versions before 2026.4.29. It affects the browser debug and export routes, allowing attackers who have access to these routes to reuse already-open blocked tabs. This reuse enables them to bypass private-network SSRF protections and access or inspect content that should be protected and inaccessible.

The root cause of this vulnerability is incorrect authorization (CWE-863), which means the system does not properly verify whether the user is allowed to perform certain actions, leading to unauthorized access.

Impact Analysis

This vulnerability can allow attackers with limited access to bypass SSRF protections designed to prevent unauthorized access to private network resources. By exploiting this flaw, attackers could gain unauthorized access to sensitive or protected content that should remain inaccessible, potentially leading to information disclosure or further exploitation within the private network.

Detection Guidance

This vulnerability involves SSRF policy bypass in OpenClaw versions before 2026.4.29 via browser debug and export routes that reuse already-open blocked tabs.

Detection would require monitoring access to these specific browser debug and export routes to identify unauthorized reuse of blocked tabs.

Since the vulnerability is related to incorrect authorization on these routes, commands or tools that inspect HTTP requests to these endpoints and analyze for suspicious reuse of blocked tabs could help detect exploitation attempts.

However, no specific detection commands or scripts are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.29 or later, where this SSRF policy bypass vulnerability has been fixed.

Until the upgrade can be applied, restrict access to the browser debug and export routes to trusted users only, as attackers require access to these routes to exploit the vulnerability.

Additionally, review and tighten authorization controls on these routes to prevent unauthorized reuse of blocked tabs.

Compliance Impact

The vulnerability in OpenClaw allows attackers to bypass private-network SSRF protections and gain unauthorized access to protected content by reusing blocked tabs. This unauthorized access to protected or sensitive data could potentially lead to violations of data protection regulations such as GDPR or HIPAA, which require strict controls on access to personal or sensitive information.

However, the provided information does not explicitly state the impact on compliance with specific standards or regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35673. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart