CVE-2026-28467: OpenClaw affected by SSRF via attachment/media URL hydration
Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary http(s) URLs during attachment/media hydration. An attacker who can influence the media URL (for example via model-controlled sendAttachment or auto-reply media URLs) could trigger SSRF to internal resources and exfiltrate the fetched bytes as an outbound attachment.
References
- github.com/advisories/GHSA-wfp2-v9c7-fh79
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/81c68f582d4a9a20d9cca9f367d2da9edc5a65ae
- github.com/openclaw/openclaw/commit/9bd64c8a1f91dda602afc1d5246a2ff2be164647
- github.com/openclaw/openclaw/releases/tag/v2026.2.2
- github.com/openclaw/openclaw/security/advisories/GHSA-wfp2-v9c7-fh79
- nvd.nist.gov/vuln/detail/CVE-2026-28467
- www.vulncheck.com/advisories/openclaw-ssrf-via-attachment-media-url-hydration