Cyber Resilience

CVE-2026-27488

Medium

Published: 21 February 2026

Published
21 February 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 5.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27488 is a medium-severity SSRF (CWE-918) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-27488 is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) in OpenClaw, a personal AI assistant. It affects versions 2026.2.17 and below, specifically in the Cron webhook delivery functionality implemented in src/gateway/server-cron.ts. There, the fetch() function is invoked directly without SSRF policy checks, enabling webhook targets to access private, metadata, or internal endpoints. The vulnerability carries a CVSS score of 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-21.

Remote attackers require no privileges and can exploit this over the network with low attack complexity and no user interaction. By leveraging control over a webhook target URL in the Cron delivery process, they can direct the OpenClaw server to fetch unauthorized internal resources, resulting in low impacts to confidentiality, integrity, and availability.

Mitigation is provided in OpenClaw version 2026.2.19, which addresses the direct fetch() usage. Security advisories recommend upgrading to this patched release. Key references include the fixing commit at https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655, the release notes at https://github.com/openclaw/openclaw/releases/tag/v2026.2.19, and the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp.

EU & UK References

Vulnerability details

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
T1552.005 Cloud Instance Metadata API Credential Access
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
Why these techniques?

SSRF in public-facing webhook/Cron component enables direct exploitation of the app (T1190); attacker-controlled fetch() to internal endpoints facilitates network service discovery (T1046) and retrieval of cloud instance metadata credentials (T1552.005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28451Same product: Openclaw Openclaw
CVE-2026-26324Same product: Openclaw Openclaw
CVE-2026-26322Same product: Openclaw Openclaw
CVE-2026-43526Same product: Openclaw Openclaw
CVE-2026-32019Same product: Openclaw Openclaw
CVE-2026-44116Same product: Openclaw Openclaw
CVE-2026-31989Same product: Openclaw Openclaw
CVE-2026-41912Same product: Openclaw Openclaw
CVE-2026-6011Same product: Openclaw Openclaw
CVE-2026-22181Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.17

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces information flow policies on outbound webhook fetch() calls so targets cannot reach private or internal endpoints.

prevent

Boundary protection mechanisms can filter or deny server-initiated requests to internal metadata and private networks from the cron webhook path.

prevent

Validates webhook target URLs before fetch() to reject addresses that resolve to internal or metadata endpoints.

References