top of page
perceptive_background_267k.jpg

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforce…

Published:

5 mei 2026 om 22:00:00

Alert date:

6 mei 2026 om 21:05:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

CVE-2026-43580 affects OpenClaw versions before 2026.4.10, containing an incomplete navigation guard vulnerability. Attackers can exploit this flaw to trigger unauthorized navigation by bypassing SSRF policy enforcement. The vulnerability specifically impacts browser interactions including pressKey and type submit flows. These interactions can circumvent post-action security checks, allowing execution of unauthorized navigation. The issue has been addressed in version 2026.4.10 with multiple commits providing fixes and security advisories available.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-43580
https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe
https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894
https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h
https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page