Untriaged
CVE-2026-41912
7.6 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): NONE
Activity log
- Created suggestion
OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation
OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.
References
- GitHub Security Advisory (GHSA-vr5g-mmx7-h897) vendor-advisory
- Patch Commit patch
Affected products
OpenClaw
- <2026.4.8
- ==2026.4.8
Package maintainers
- @mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
- @chrisportela Chris Portela <chris@chrisportela.com>