Medium severity 5.0 · NVD Advisory · Published May 11, 2026 · Updated May 13, 2026
CVE-2026-45000
Description
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during normal profile status operations.
References
- github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7 (nvd; Patch)
- github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf (nvd; Patch)
- github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm (nvd; Third Party Advisory)
- www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-browser-cdp-profile-creation (nvd; Third Party Advisory, Patch)