VYPR
Medium severity6.5NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026

CVE-2026-35673

CVE-2026-35673

Description

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should remain protected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • OpenClaw/Openclawinferred3 versions
    <2026.4.29+ 2 more
    • (no CPE)range: <2026.4.29
    • cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*range: <2026.4.29
    • (no CPE)range: < 2026.4.29

Patches

Vulnerability mechanics

References

2

News mentions

1