top of page
perceptive_background_267k.jpg

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforceā€¦

Published:

5 May 2026 at 22:00:00

Alert date:

6 May 2026 at 23:05:11

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Security Tools

OpenClaw versions before 2026.4.10 contain an incomplete navigation guard vulnerability (CVE-2026-43580) that allows attackers to bypass SSRF policy enforcement. The vulnerability specifically affects browser press/type style interactions, including pressKey and type submit flows, which can bypass post-action security checks. This enables attackers to execute unauthorized navigation actions without proper security validation. The vulnerability has been addressed in version 2026.4.10 with multiple commits providing fixes and security improvements.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-43580
https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe
https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894
https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h
https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page