CVE-2026-27488
Published: 21 February 2026
Summary
CVE-2026-27488 is a high-severity SSRF (CWE-918) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing webhook/Cron component enables direct exploitation of the app (T1190); attacker-controlled fetch() to internal endpoints facilitates network service discovery (T1046) and retrieval of cloud instance metadata credentials (T1552.005).
NVD Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.
Deeper analysisAI
CVE-2026-27488 is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) in OpenClaw, a personal AI assistant. It affects versions 2026.2.17 and below, specifically in the Cron webhook delivery functionality implemented in src/gateway/server-cron.ts. There, the fetch() function is invoked directly without SSRF policy checks, enabling webhook targets to access private, metadata, or internal endpoints. The vulnerability carries a CVSS score of 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-21.
Remote attackers require no privileges and can exploit this over the network with low attack complexity and no user interaction. By leveraging control over a webhook target URL in the Cron delivery process, they can direct the OpenClaw server to fetch unauthorized internal resources, resulting in low impacts to confidentiality, integrity, and availability.
Mitigation is provided in OpenClaw version 2026.2.19, which addresses the direct fetch() usage. Security advisories recommend upgrading to this patched release. Key references include the fixing commit at https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655, the release notes at https://github.com/openclaw/openclaw/releases/tag/v2026.2.19, and the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai