Nixpkgs security tracker

Untriaged

Permalink CVE-2026-43576

7.7 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 weeks, 5 days ago Activity log

Created suggestion 2 weeks, 5 days ago

OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.

References

GitHub Security Advisory (GHSA-f7fh-qg34-x2xh) vendor-advisory
Patch Commit patch
VulnCheck Advisory: OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL third-party-advisory

Affected products

OpenClaw

<2026.4.5
==2026.4.5

Matching in nixpkgs

pkgs.openclaw

Self-hosted, open-source AI assistant/agent

nixos-unstable 2026.4.22
- nixpkgs-unstable 2026.4.21
- nixos-unstable-small 2026.4.22

Package maintainers

@chrisportela Chris Portela <chris@chrisportela.com>
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.openclaw

Package maintainers