CVE-2026-53812— OpenClaw 代码问题漏洞

OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

服务端请求伪造(SSRF)

OpenClaw 代码问题漏洞

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.5.18之前版本存在代码问题漏洞，该漏洞源于浏览器控制中的服务器端请求伪造问题，允许经过身份验证的用户通过Playwright act交互绕过私有网络导航检查。攻击者可以通过操作触发的重定向触发对私有网络目标的导航，随后使用浏览器评估功能读取受限页面内容。

N/A

N/A