CVE-2026-22181: OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured
OpenClaw's web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY, including lowercase variants).
In affected builds, strict URL checks (for example web_fetch and citation redirect resolution) validated one destination during SSRF guard checks, but the runtime connection could then be routed through an env-proxy dispatcher, so the connection was no longer pinned to the destination the guard had validated.
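The mismatch described above, as an added example that is not OpenClaw's code or its fix: a fail-closed check that compares the address a guard validated with the peer a proxied client would actually connect to. The function names, sample host and addresses are hypothetical, and treating any configured proxy variable as applying to the request is a conservative assumption.

```javascript
// Added illustration; function names are hypothetical, not OpenClaw APIs.
// Proxy variables named in the advisory, in both cases.
const PROXY_VARS = ["HTTP_PROXY", "HTTPS_PROXY", "ALL_PROXY"]
  .flatMap((name) => [name, name.toLowerCase()]);

// Names of proxy variables that are set to a non-empty value.
function activeProxyVars(env) {
  return PROXY_VARS.filter((name) => (env[name] ?? "").trim() !== "");
}

// Compare the address the SSRF guard validated with the peer the
// client would really connect to, and fail closed on a mismatch.
function planStrictFetch(target, pinnedIp, env) {
  const hostname = new URL(target).hostname;
  const active = activeProxyVars(env);
  if (active.length === 0) {
    return { allowed: true, connectTo: pinnedIp, resolvedBy: "guard", hostname };
  }
  // Conservative assumption: any configured proxy may carry this request.
  // The proxy then receives the hostname and resolves it itself, so the
  // pinned address is never used.
  const raw = env[active[0]].trim();
  let proxyHost = raw;
  try {
    proxyHost = new URL(raw).host || raw;
  } catch {
    // Value is not a parseable URL; report it as written.
  }
  return { allowed: false, connectTo: proxyHost, resolvedBy: "proxy", hostname, vars: active };
}

// Constructed sample: the guard resolved and validated a public address.
const target = "https://docs.example.com/page";
const pinned = "203.0.113.10";
console.log(planStrictFetch(target, pinned, {}));
console.log(planStrictFetch(target, pinned, { https_proxy: "http://proxy.corp.example:3128" }));
```

Passing `process.env` as the third argument runs the same check against the live environment of a Node process.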
References
- github.com/advisories/GHSA-8mvx-p2r9-r375
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/345abf0b2e0f43b0f229e96f252ebf56f1e5549e
- github.com/openclaw/openclaw/security/advisories/GHSA-8mvx-p2r9-r375
- nvd.nist.gov/vuln/detail/CVE-2026-22181
- www.vulncheck.com/advisories/openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch