ByteOS Network

CVE Vulnerability Details :

CVE-2026-27488

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-21 Feb, 2026 | 09:49

Updated At-21 Feb, 2026 | 09:49

▼CVE Numbering Authority (CNA)

OpenClaw hardened cron webhook delivery against SSRF

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.

Affected Products

Vendor

openclaw

Product

openclaw

Versions

Affected

< 2026.2.19

Problem Types

Type	CWE ID	Description
CWE	CWE-918	CWE-918: Server-Side Request Forgery (SSRF)

Type: CWE

CWE ID: CWE-918

Description: CWE-918: Server-Side Request Forgery (SSRF)

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

References

Hyperlink	Resource
https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp	x_refsource_CONFIRM
https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655	x_refsource_MISC
https://github.com/openclaw/openclaw/releases/tag/v2026.2.19	x_refsource_MISC

Hyperlink: https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655

Resource:

x_refsource_MISC

Hyperlink: https://github.com/openclaw/openclaw/releases/tag/v2026.2.19

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References