CVE-2026-43580
OpenClaw Incomplete Navigation Guard SSRF Bypass
Publication date: 2026-05-06
Last updated on: 2026-05-07
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.4.10 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not contain any information regarding the impact of CVE-2026-43580 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves incomplete navigation guard coverage in browser interactions, specifically in pressKey and type submit flows that bypass SSRF policy enforcement. Detection would involve monitoring browser interaction-driven navigations for unauthorized or unexpected navigation events triggered by key presses or form submissions.
Since the vulnerability is related to navigation triggered by browser interactions, detection commands would focus on observing network requests and navigation events after such interactions.
- Use browser developer tools or automation scripts to monitor navigation events triggered by pressKey or type submit actions.
- Capture and analyze network traffic for unexpected redirects or requests to unauthorized URLs following keypress or form submission events.
- In automated testing environments using Playwright, add logging or assertions around `pressKeyViaPlaywright` and `typeViaPlaywright` functions to detect navigation attempts that bypass SSRF policies.
No explicit detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, as these versions include fixes that introduce a three-phase interaction navigation guard to enforce SSRF policy compliance on browser interactions such as pressKey and type submit flows.
- Upgrade OpenClaw to version 2026.4.10 or newer (latest patched version is 2026.4.14).
- Ensure that the three-phase interaction navigation guard is enabled and properly configured to enforce SSRF policies on navigation-capable interactions.
- Review and apply the security patches referenced in the GitHub commits that address this vulnerability.
These steps prevent unauthorized navigation triggered by browser interactions and ensure that SSRF policies are enforced after keypress or form submission events.
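As an added illustration of the detection and mitigation answers above (not OpenClaw's code): a three-phase guard wrapped around an interaction that can trigger navigation, with a constructed stand-in page object so it runs offline. The policy rules, the phase names and the fake page are assumptions, not the project's implementation.

```javascript
// Added illustration of a three-phase interaction navigation guard.
// Not OpenClaw's code; the phase names and the policy below are assumptions.

// Assumed SSRF policy: deny non-http(s) schemes, loopback, link-local and
// RFC 1918 literals. Hostname resolution checks are out of scope here.
function isBlockedBySsrfPolicy(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return true; }            // unparsable: deny
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return true;
  const host = u.hostname.replace(/^\[|\]$/g, '').toLowerCase();  // strip IPv6 brackets
  if (host === 'localhost' || host === '::1' || host.endsWith('.localhost')) return true;
  const m = host.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return false;
  const [a, b] = [Number(m[1]), Number(m[2])];
  return a === 0 || a === 127 || a === 10 || (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Three phases: (1) check the page URL before the interaction,
// (2) run the interaction (pressKey / type), (3) re-check the URL it landed on.
// `page` only needs url() plus whatever `interact` calls; a Playwright Page fits.
async function guardedInteraction(page, interact, policy = isBlockedBySsrfPolicy) {
  const before = page.url();
  if (policy(before)) return { phase: 'pre', allowed: false, url: before };
  await interact(page);
  const after = page.url();
  if (after !== before && policy(after)) {
    // Phase 3 is the check the record says was missing for press/type flows.
    return { phase: 'post', allowed: false, url: after };
  }
  return { phase: 'post', allowed: true, url: after };
}

// Constructed stand-in for a page: pressing Enter submits a form whose
// action navigates to `submitTarget`.
function fakePage(startUrl, submitTarget) {
  let current = startUrl;
  return {
    url: () => current,
    press: async (_selector, key) => { if (key === 'Enter') current = submitTarget; },
  };
}
```

In a real harness, a `{ allowed: false, phase: 'post' }` result is the event to log or assert on around `pressKeyViaPlaywright` and `typeViaPlaywright`.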
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions before 2026.4.10 and involves an incomplete navigation guard. It allows attackers to trigger navigation actions without fully enforcing the Server-Side Request Forgery (SSRF) policy. Specifically, interactions that simulate browser press or type actions, such as pressKey and type submit flows, can bypass security checks that normally occur after an action, enabling unauthorized navigation.
How can this vulnerability impact me?
The vulnerability can allow attackers to navigate to unauthorized locations within the application or system by bypassing security policies. This could potentially lead to exposure of sensitive information or unauthorized access to internal resources, as the SSRF protections are not fully enforced during certain browser-like interactions.