CVE-2026-42439: OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
(updated )
Browser tabs action select and close routes bypassed SSRF policy.
References
- github.com/advisories/GHSA-rj2p-j66c-mgqh
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/48c03479211799ec3c1305ad69037cea25ba0e1e
- github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3
- github.com/openclaw/openclaw/pull/63332
- github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh
- nvd.nist.gov/vuln/detail/CVE-2026-42439
- www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes
Code Behaviors & Features
Detect and mitigate CVE-2026-42439 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →