OpenClaw SSRF Vulnerability (CVE-2026-43576) Allows Untrusted Pivoting
The National Vulnerability Database reports a high-severity server-side request forgery (SSRF) vulnerability, CVE-2026-43576, impacting OpenClaw before version 2026.4.5. This flaw resides in the CDP /json/version WebSocket endpoint, where inadequate validation of the webSocketDebuggerUrl response field enables attackers to redirect connections to arbitrary hosts.
This vulnerability, rated 7.7 (HIGH) on the CVSS scale, allows attackers to pivot to untrusted second-hop targets. The core issue lies in the lack of proper input sanitization, a common pitfall leading to CWE-601 (Redirection to Untrusted Site) and CWE-918 (Server-Side Request Forgery) weaknesses. Attackers can exploit this to bypass network segmentation and access internal resources.
For defenders, this means a direct path to internal network reconnaissance and potential data exfiltration. The attacker’s calculus here is clear: leverage a seemingly benign WebSocket endpoint to gain a foothold, then pivot deep into the network. This isn’t just about redirecting a browser; it’s about using the server itself as a proxy for malicious activity.
What This Means For You
- If your organization uses OpenClaw, you need to prioritize patching to version 2026.4.5 or later immediately. Audit your network for any unusual outbound connections from OpenClaw instances, as this SSRF can be used to scan internal networks or access sensitive services that are not internet-facing.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-43576 - OpenClaw WebSocket SSRF to Arbitrary Host
title: CVE-2026-43576 - OpenClaw WebSocket SSRF to Arbitrary Host
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
Detects the specific OpenClaw SSRF vulnerability (CVE-2026-43576) by identifying requests to the /json/version endpoint with a 'webSocketDebuggerUrl' parameter in the query string. This indicates an attempt to exploit the vulnerability to redirect connections to arbitrary hosts.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-43576/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/json/version'
cs-method:
- 'GET'
sc-status:
- '200'
cs-uri-query|contains:
- 'webSocketDebuggerUrl'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-43576 | SSRF | OpenClaw < 2026.4.5 |
| CVE-2026-43576 | SSRF | CDP /json/version WebSocket endpoint |
| CVE-2026-43576 | SSRF | webSocketDebuggerUrl response field |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to...
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure...
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`....