Vulnerability Description
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by exploiting route-driven navigation without proper policy re-validation.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f6904615
- https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj
- https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via
FAQ
What is CVE-2026-42436?
CVE-2026-42436 is a vulnerability with a CVSS score of 7.7 (HIGH). OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation...
How severe is CVE-2026-42436?
CVE-2026-42436 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-42436?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.