Platform: nodejs
Component: openclaw
Fixed in: 2026.3.2
CVE-2026-22181 is a Server-Side Request Forgery (SSRF) vulnerability in OpenClaw. When the proxy environment variables HTTP_PROXY, HTTPS_PROXY or ALL_PROXY are set, an attacker-controlled URL can bypass OpenClaw's SSRF protection and reach internal resources. OpenClaw versions prior to 2026.3.2 are affected; the fix is contained in 2026.3.2.
The flaw is in OpenClaw's URL fetch path. The SSRF guard is meant to resolve the hostname of a fetch URL, check the resulting address, and pin the connection to that checked address (DNS pinning), so that the request can only reach a destination the guard has approved. When HTTP_PROXY, HTTPS_PROXY or ALL_PROXY is present, the fetch is instead routed through the configured proxy. A forward proxy receives the hostname and resolves it itself, so the address that was checked and pinned is not the address the request actually reaches, and the protection is bypassed. An attacker can use this to scan internal networks, read data from internal services reachable from the proxy (databases, APIs, configuration endpoints) and, where such a service is itself vulnerable, potentially escalate further. The blast radius is every internal resource reachable from the proxy's network position.
CVE-2026-22181 was publicly disclosed on 2026-03-18. No public proof-of-concept (PoC) is known, but the nature of the vulnerability suggests a low barrier to exploitation. The EPSS score at the time of writing is 0.05% (15th percentile), i.e. a low predicted probability of exploitation in the wild despite that low technical barrier. The vulnerability is not listed in the CISA KEV catalog.
Organizations deploying OpenClaw in environments where proxy servers are used for outbound traffic are particularly at risk. This includes applications utilizing OpenClaw for data fetching or integration with internal services. Shared hosting environments where environment variables are easily configurable also present a heightened risk.
• nodejs / server: ps aux | grep claw | grep -i proxy
• nodejs / server: echo $HTTP_PROXY; echo $HTTPS_PROXY; echo $ALL_PROXY (this shows the variables of your current shell only; the service's own environment may differ, for example when it is set in a systemd unit or container definition, so check the running process's environment as well)
• generic web: Review OpenClaw configuration files for any references to proxy settings or environment variables related to proxy usage.
• generic web: Monitor access logs for requests to unusual internal IP addresses or hostnames originating from the OpenClaw application.
Disclosure: 2026-03-18
Exploit status: no public PoC known; no confirmed active exploitation
EPSS: 0.05% (15th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-22181 is to upgrade OpenClaw to version 2026.3.2 or later, which contains the fix. If upgrading immediately is not feasible, temporarily remove or unset the HTTP_PROXY, HTTPS_PROXY and ALL_PROXY environment variables in the OpenClaw process environment. This prevents the proxy-based routing and restores the intended pinned-destination behavior, at the cost of any legitimate proxy usage by the application. Apply strict network segmentation so that a successful SSRF from the OpenClaw host or its proxy reaches as little as possible, and monitor proxy logs for unexpected outbound requests originating from the OpenClaw application.
Upgrade OpenClaw to version 2026.3.2 or later, which fixes the DNS pinning bypass. Until the upgrade is in place, unset the proxy environment variables (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) or configure them so that OpenClaw's guarded fetches are not routed through a proxy.
CVE-2026-22181 is a Server-Side Request Forgery (SSRF) vulnerability in OpenClaw versions prior to 2026.3.2 that allows attackers to bypass the SSRF guard when outbound requests are routed through a configured proxy.
You are affected if you are running an OpenClaw version prior to 2026.3.2 and the HTTP_PROXY, HTTPS_PROXY or ALL_PROXY environment variable is set for the OpenClaw process.
Upgrade OpenClaw to version 2026.3.2 or later. As a temporary workaround, unset the HTTP_PROXY, HTTPS_PROXY and ALL_PROXY environment variables for the OpenClaw process.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests a relatively low barrier to exploitation.
Refer to the OpenClaw project's official website and security advisories for the latest information and updates regarding CVE-2026-22181.