CVE-2026-28476
Published: 05 March 2026
Summary
CVE-2026-28476 is a high-severity SSRF (CWE-918) vulnerability in OpenClaw. Its CVSS base score is 8.3 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 25.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly addresses the missing validation of user-provided base URLs. The gateway should accept a base URL only after checking that it is well-formed and that its scheme and host are authorized, before using it for authentication requests.
SC-7 (Boundary Protection): monitors and controls outbound connections from the gateway, so HTTP requests to arbitrary or internal hosts are blocked at the network boundary even if the application-level check is bypassed.
Flow control policies restrict the gateway from initiating information flows to attacker-specified destinations, limiting what an SSRF can reach once triggered.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF is reachable over the network with low complexity and no privileges (AV:N/AC:L/PR:N) in the public-facing OpenClaw gateway, so the attacker's initial action is exactly the T1190 pattern: exploiting an exposed application.
NVD Description
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP requests to arbitrary hosts including internal addresses.
Deeper analysis
CVE-2026-28476 is a server-side request forgery (SSRF) vulnerability, mapped to CWE-918, affecting OpenClaw versions prior to 2026.2.14. It was published on 2026-03-05 with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). The flaw is in the optional Tlon Urbit extension, which accepts a user-provided base URL for authentication without validating it.
An attacker who can influence the configured Urbit URL can make the OpenClaw gateway issue HTTP requests to arbitrary hosts, including internal addresses. Exploitation requires no privileges or user interaction and has low complexity over the network. The changed scope (S:C) reflects that the requests originate from the gateway, so they can reach resources (internal services, metadata endpoints, hosts behind the gateway's network position) that the attacker could not address directly.
Advisories recommend upgrading to OpenClaw version 2026.2.14 or later to mitigate the issue. Key references include the GitHub security advisory (GHSA-pg2v-8xwh-qhcc), the patching commit (bfa7d21e997baa8e3437657d59b1e296815cc1b1), and the VulnCheck advisory detailing the SSRF in the Tlon extension authentication.
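The control descriptions above (SI-10 validation of the user-supplied base URL, SC-7 and flow control on where the gateway may connect) and the analysis of how an unvalidated Urbit URL becomes gateway requests can be made concrete with the TypeScript example below. It is added here for illustration and is not OpenClaw's code or a reconstruction of the Tlon Urbit extension; the `UrlPolicy` shape, the function names, the `/login` path, the sample hostnames and the caller-supplied resolved addresses are all assumptions. It shows the unsafe pattern (trusting the configured base URL as given) beside a hardened validator that rejects disallowed schemes, embedded credentials, loopback/private/link-local/metadata address literals in their normalized forms, hosts outside an optional allowlist, and hostnames whose DNS answers point at blocked ranges.

```typescript
// Added example (not OpenClaw code): validating a user-supplied base URL before a
// gateway uses it for outbound authentication requests. Policy shape, names and
// the "/login" path are assumptions for illustration.

export interface UrlPolicy {
  allowedSchemes: string[];   // URL.protocol values, e.g. ["https:"] (colon included)
  allowedHosts?: string[];    // optional exact-hostname allowlist
}

// Parse dotted-quad IPv4 into octets, or null if the string is not dotted-quad.
function parseIPv4(s: string): [number, number, number, number] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o: [number, number, number, number] = [Number(m[1]), Number(m[2]), Number(m[3]), Number(m[4])];
  return o.every((n) => n <= 255) ? o : null;
}

// Non-exhaustive list of IPv4 ranges the gateway must never contact.
function isBlockedIPv4(o: [number, number, number, number]): boolean {
  const [a, b] = o;
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||   // 100.64.0.0/10 (CGNAT)
    (a === 169 && b === 254) ||             // link-local, incl. cloud metadata 169.254.169.254
    (a === 172 && b >= 16 && b <= 31) ||    // 172.16.0.0/12
    (a === 192 && b === 168) ||             // 192.168.0.0/16
    a >= 224                                // multicast and reserved
  );
}

// Loopback, unspecified, link-local, ULA, and IPv4-mapped addresses that map to a blocked range.
function isBlockedIPv6(s: string): boolean {
  const ip = s.toLowerCase();
  if (ip === "::1" || ip === "::") return true;
  if (/^fe[89ab][0-9a-f]:/.test(ip) || /^f[cd][0-9a-f]{2}:/.test(ip)) return true; // fe80::/10, fc00::/7
  const mapped = /^::ffff:(.+)$/.exec(ip);
  if (mapped) {
    const tail = mapped[1] ?? "";
    const dotted = parseIPv4(tail);               // ::ffff:127.0.0.1
    if (dotted) return isBlockedIPv4(dotted);
    const hex = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(tail); // ::ffff:7f00:1 (WHATWG serialization)
    if (hex) {
      const hi = parseInt(hex[1] ?? "0", 16);
      const lo = parseInt(hex[2] ?? "0", 16);
      return isBlockedIPv4([hi >> 8, hi & 0xff, lo >> 8, lo & 0xff]);
    }
  }
  return false;
}

// True when an address literal (IPv4 or IPv6, without brackets) must not be contacted.
export function isBlockedAddress(addr: string): boolean {
  const v4 = parseIPv4(addr);
  if (v4) return isBlockedIPv4(v4);
  if (addr.includes(":")) return isBlockedIPv6(addr);
  return false;
}

// Vulnerable pattern: the configured base URL is trusted as given, so any host the
// gateway can reach becomes a target for the login request.
export function buildLoginUrlUnsafe(baseUrl: string): string {
  return new URL("/login", baseUrl).toString();
}

// Hardened pattern (SI-10): validate scheme, reject embedded credentials, reject blocked
// address literals, enforce the allowlist when configured, and re-check the DNS answers
// the caller resolved so that a public hostname cannot be pointed at an internal address.
export function validateBaseUrl(raw: string, policy: UrlPolicy, resolvedAddrs: string[] = []): URL {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`not a valid URL: ${raw}`);
  }
  if (!policy.allowedSchemes.includes(url.protocol)) {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  if (url.username !== "" || url.password !== "") {
    throw new Error("credentials embedded in base URL");
  }
  // WHATWG URL parsing has already normalized forms such as 2130706433, 0x7f000001 and
  // 127.1 to 127.0.0.1; IPv6 hostnames keep their brackets, so strip them before checking.
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost") || isBlockedAddress(host)) {
    throw new Error(`blocked host: ${host}`);
  }
  if (policy.allowedHosts && policy.allowedHosts.length > 0 &&
      !policy.allowedHosts.map((h) => h.toLowerCase()).includes(host)) {
    throw new Error(`host not in allowlist: ${host}`);
  }
  for (const a of resolvedAddrs) {
    if (isBlockedAddress(a)) throw new Error(`${host} resolves to blocked address ${a}`);
  }
  return url;
}

export function buildLoginUrl(raw: string, policy: UrlPolicy, resolvedAddrs: string[] = []): string {
  return new URL("/login", validateBaseUrl(raw, policy, resolvedAddrs)).toString();
}
```

The resolved-address check is the in-code half of SC-7: the caller resolves the hostname once, passes the answers in, and must then connect to exactly those addresses rather than resolving again (otherwise a DNS rebinding answer can defeat the check). The other half is an egress policy on the host or network that only permits the gateway to reach the destinations it needs, which holds even if a future code path forgets to call the validator. The blocked ranges are deliberately non-exhaustive; extend them for the deployment's own internal prefixes.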
Details
- CWE(s)