Cyber Resilience

CVE-2026-35629

MediumPublic PoC

Published: 09 April 2026

Published
09 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 14.5th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-35629 is a medium-severity SSRF (CWE-918) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-35629, published on 2026-04-09, is a server-side request forgery (SSRF) vulnerability classified under CWE-918, affecting OpenClaw versions before 2026.3.25. The flaw exists in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks, enabling exploitation of unprotected fetch() calls to rebind requests intended for configured endpoints.

The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L), indicating exploitation over the network with low complexity by low-privileged users, without requiring user interaction and with a changed scope. Attackers can leverage this to redirect requests to blocked internal destinations, gaining access to restricted resources.

Mitigation is addressed in the OpenClaw GitHub commit f92c92515bd439a71bd03eb1bc969c1964f17acf, with further details in the GitHub security advisory at GHSA-rhfg-j8jq-7v2h and the Vulncheck advisory at www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions. Affected users should upgrade to OpenClaw 2026.3.25 or later.

EU & UK References

Vulnerability details

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations…

more

and access restricted resources.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF vulnerability in public-facing OpenClaw server application directly enables exploitation of public-facing applications to access internal resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-44116Same product: Openclaw Openclaw
CVE-2026-31989Same product: Openclaw Openclaw
CVE-2026-41912Same product: Openclaw Openclaw
CVE-2026-6011Same product: Openclaw Openclaw
CVE-2026-22181Same product: Openclaw Openclaw
CVE-2026-28476Same product: Openclaw Openclaw
CVE-2026-41914Same product: Openclaw Openclaw
CVE-2026-34504Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-41302Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for information flows, directly preventing SSRF exploitation by blocking unauthorized requests to internal destinations from server-side fetch calls.

prevent

Monitors and controls communications at system boundaries and internal interfaces, mitigating SSRF by restricting server access to blocked internal resources via unprotected endpoints.

prevent

Validates inputs such as configured base URLs in channel extensions, preventing attackers from rebinding fetch requests to unauthorized internal destinations.

References