GHSA-g86v-f9qv-rh6m: OpenClaw SSRF guard misses four IPv6 special-use ranges

March 31, 2026

The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed.

References

github.com/advisories/GHSA-g86v-f9qv-rh6m
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/d61f8e56723e03573b847422468d99c44c26e34f
github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m

Code Behaviors & Features

Detect and mitigate GHSA-g86v-f9qv-rh6m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →