What is GHSA-7339-549c-w53j?

GHSA-7339-549c-w53j is a security advisory published by GitHub Security Advisories with Medium severity. OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and...

Which CVE IDs does GHSA-7339-549c-w53j cover?

GHSA-7339-549c-w53j covers the following CVE IDs: CVE-2026-35673. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7339-549c-w53j?

GHSA-7339-549c-w53j has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-7339-549c-w53jMediumCVSS 6.5

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-35673 →

📋 Description

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should remain protected.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-hcm3-8f6r-6xwg
https://nvd.nist.gov/vuln/detail/CVE-2026-35673
https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-via-browser-debug-export-routes
https://github.com/advisories/GHSA-7339-549c-w53j