CVE-2026-32019 PUBLISHED

OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

Assigner: VulnCheck
Reserved: 10.03.2026 Published: 19.03.2026 Updated: 19.03.2026

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch functionality to access blocked addresses such as 198.18.0.0/15 and other non-global ranges.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L
CVSS Score: 2.3

Product Status

Vendor OpenClaw
Product OpenClaw
Versions Default: unaffected
  • affected from 0 to 2026.2.22 (excl.)
  • Version 2026.2.22 is unaffected

Credits

  • princeeismond-dot reporter

References

Problem Types

  • CWE-918 Server-Side Request Forgery (SSRF) CWE