CVE-2026-43580
Analyzed Analyzed - Analysis Complete
OpenClaw Incomplete Navigation Guard SSRF Bypass

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43580
EUVD
EUVD-2026-28172
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.4.10 and involves an incomplete navigation guard. It allows attackers to trigger navigation actions without fully enforcing the Server-Side Request Forgery (SSRF) policy. Specifically, interactions that simulate browser press or type actions, such as pressKey and type submit flows, can bypass security checks that normally occur after an action, enabling unauthorized navigation.

Impact Analysis

The vulnerability can allow attackers to navigate to unauthorized locations within the application or system by bypassing security policies. This could potentially lead to exposure of sensitive information or unauthorized access to internal resources, as the SSRF protections are not fully enforced during certain browser-like interactions.

Compliance Impact

The provided context and resources do not contain any information regarding the impact of CVE-2026-43580 on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability involves incomplete navigation guard coverage in browser interactions, specifically in pressKey and type submit flows that bypass SSRF policy enforcement. Detection would involve monitoring browser interaction-driven navigations for unauthorized or unexpected navigation events triggered by key presses or form submissions.

Since the vulnerability is related to navigation triggered by browser interactions, detection commands would focus on observing network requests and navigation events after such interactions.

  • Use browser developer tools or automation scripts to monitor navigation events triggered by pressKey or type submit actions.
  • Capture and analyze network traffic for unexpected redirects or requests to unauthorized URLs following keypress or form submission events.
  • In automated testing environments using Playwright, add logging or assertions around `pressKeyViaPlaywright` and `typeViaPlaywright` functions to detect navigation attempts that bypass SSRF policies.

No explicit detection commands are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, as these versions include fixes that introduce a three-phase interaction navigation guard to enforce SSRF policy compliance on browser interactions such as pressKey and type submit flows.

  • Upgrade OpenClaw to version 2026.4.10 or newer (latest patched version is 2026.4.14).
  • Ensure that the three-phase interaction navigation guard is enabled and properly configured to enforce SSRF policies on navigation-capable interactions.
  • Review and apply the security patches referenced in the GitHub commits that address this vulnerability.

These steps prevent unauthorized navigation triggered by browser interactions and ensure that SSRF policies are enforced after keypress or form submission events.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43580. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart