CVE-2026-43527
HIGH NVDCVSS Score
7.7
Severity
HIGH
Source
NVD
Published
May 05, 2026
Description
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.