top of page
perceptive_background_267k.jpg

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforce…

Published:

5 mei 2026 om 22:00:00

Alert date:

6 mei 2026 om 22:04:36

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

OpenClaw versions before 2026.4.10 contain an incomplete navigation guard vulnerability that enables attackers to bypass SSRF policy enforcement. The vulnerability allows unauthorized navigation through browser interactions like pressKey and type submit flows. Attackers can exploit browser press/type style interactions to circumvent post-action security checks. This creates a pathway for unauthorized navigation execution without proper security validation. The vulnerability affects the core navigation security mechanisms in OpenClaw applications.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-43580
https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe
https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894
https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h
https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page