GHSA-xq94-r468-qwgj: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

April 17, 2026

Browser SSRF hostname validation could be bypassed by DNS rebinding.

References

github.com/advisories/GHSA-xq94-r468-qwgj
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3
github.com/openclaw/openclaw/pull/64367
github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj

Code Behaviors & Features

Detect and mitigate GHSA-xq94-r468-qwgj with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →