GHSA-2hfg-4fh4-qp7f: OpenClaw's browser act interactions could bypass private-network navigation checks
OpenClaw's browser control feature has a vulnerability where certain Playwright 'act' interactions can bypass private-network navigation checks. This allows an authenticated browser-control user to trigger navigation to private or loopback URLs after the initial SSRF check, potentially reading content from pages normally blocked by private-network policies. The issue affects deployments with browser control enabled and requires authenticated access. It does not grant unauthorized access to OpenClaw itself. The vulnerability is fixed in version 2026.5.18.
AI Analysis
Technical Summary
OpenClaw implements SSRF protections to block direct navigation to private or loopback URLs in its browser control feature. However, some Playwright 'act' interactions can cause navigation after the initial SSRF check, enabling a later browser evaluation to access content from private-network pages that would otherwise be blocked. This bypass affects only authenticated browser-control callers interacting with attacker-controlled pages that cause UI-triggered navigation to private targets. The vulnerability does not allow unauthenticated access to OpenClaw but circumvents private-network navigation guards for a specific browser action path. The issue is resolved in OpenClaw version 2026.5.18.
Potential Impact
An authenticated user with browser control capabilities can bypass private-network navigation restrictions by triggering UI actions that cause navigation to private or loopback URLs after the initial SSRF check. This allows reading content from private pages that should be inaccessible under normal policy enforcement. The vulnerability does not enable unauthorized access to OpenClaw itself and requires authenticated browser control access. There are no known exploits in the wild.
Mitigation Recommendations
Upgrade OpenClaw to version 2026.5.18 or later, where this vulnerability is patched. Until upgrading, restrict browser-control access to trusted operators only and avoid using browser control on untrusted pages in environments hosting sensitive private web services.
Technical Details
- Gcve Source: db.gcve.eu
- Osv Id: GHSA-2hfg-4fh4-qp7f
- Osv Schema Version: 1.4.0
- Aliases: CVE-2026-53812
- Ecosystems: npm
- Database Specific Severity: MODERATE
- Cvss Version: 4.0
Threat ID: 6a46ecd227e9c7971943f346
Added to database: 07/02/2026, 22:57:22 UTC
Last enriched: 07/02/2026, 23:21:56 UTC
Last updated: 07/02/2026, 23:21:56 UTC