CVE-2026-26324: OpenClaw SSRF Bypass Lets Attackers Sneak Into Internal Networks Using IPv6 Trickery

Aegiron 8 mins0

OpenClaw – SSRF Protection Bypass via IPv4-Mapped IPv6

Overview

CVE-2026-26324 is a high-severity Server-Side Request Forgery (SSRF) bypass vulnerability identified in OpenClaw. The issue existed in the application’s IP validation logic, where IPv4-mapped IPv6 addresses were not properly normalized before security checks were applied.

As a result, internal IP addresses such as 127.0.0.1 or cloud metadata endpoints could be accessed by presenting them in full IPv6 notation. The protection logic failed to recognize these alternative representations as internal or restricted, allowing outbound requests to sensitive destinations.

The vulnerability affects OpenClaw versions up to and including 2026.2.13.

The issue was resolved in version 2026.2.14.

Official Patch / Upgrade Link:
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14

CVSS and Severity Details

  • CVSS v3.1 Score: 7.5 (High)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

The vulnerability is remotely exploitable without authentication. No prior access to the system is required. The attack can be performed using only crafted HTTP requests.

Technical Root Cause

OpenClaw implemented SSRF filtering to block:

  • Loopback addresses (127.0.0.0/8)
  • Private IPv4 ranges (RFC1918)
  • Link-local addresses
  • Cloud metadata endpoints

However, the validation logic performed checks only against standard IPv4 string representations. IPv4-mapped IPv6 addresses were not normalized to canonical IPv4 form before validation.

Example:

  • IPv4 loopback: 127.0.0.1
  • Equivalent IPv4-mapped IPv6 full notation:
    0:0:0:0:0:ffff:7f00:1

Because this IPv6 format was not recognized as a loopback address, the request was allowed.

The core failure was lack of canonicalization before validation.

Affected Versions

  • All OpenClaw versions ≤ 2026.2.13

Exploitation Scenario (Educational)

The vulnerability could be exploited when:

  1. The application accepts user-supplied URLs.
  2. The backend server fetches the provided URL.
  3. The SSRF protection checks only standard IPv4 patterns.

An attacker could supply a URL structured like:

http://[0:0:0:0:0:ffff:7f00:1]/admin

The application would interpret the address as IPv6 and pass validation.
The underlying network stack would resolve it to 127.0.0.1.

Potential targets:

  • Local admin interfaces
  • Internal microservices
  • Database admin panels
  • Cloud metadata service (169.254.169.254)
  • Internal API endpoints

If cloud metadata were accessed, temporary credentials could potentially be exposed.

No authentication would be required to initiate such a request if the vulnerable endpoint was publicly reachable.

Proof of Concept (Educational)

A minimal conceptual request:

POST /fetch HTTP/1.1
Host: target-app.com
Content-Type: application/json{
  "url": "http://[0:0:0:0:0:ffff:7f00:1]/"
}

If vulnerable, the application would:

  • Accept the request
  • Make an internal call to 127.0.0.1
  • Return internal response content

This example is provided strictly for defensive awareness and testing within authorized environments.

MITRE Mapping

  • CWE-918 – Server-Side Request Forgery (SSRF)

Potential ATT&CK techniques (post exploitation):

  • T1190 – Exploit Public-Facing Application
  • T1046 – Network Service Discovery
  • T1552 – Unsecured Credentials
  • T1555 – Credentials from Cloud Metadata

Indicators of Exploitation

Application-Level Indicators

  • URLs containing ::ffff:
  • Long bracketed IPv6 literals
  • Requests containing [0:0:0:0:0:ffff:
  • Unusual IPv6 targets in user-submitted URL fields

Network-Level Indicators

  • Outbound connections to:
    • 127.0.0.0/8
    • 10.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16
    • 169.254.169.254
  • Application servers making HTTP requests to internal IP space.

Log Sources for Detection

  • Web server access logs
  • Application request logs
  • Reverse proxy logs
  • Outbound proxy logs
  • Firewall logs
  • VPC flow logs
  • Cloud metadata access logs
  • Endpoint network telemetry

Detection Queries

Splunk

index=web_logs
| search uri="*::ffff:*" OR uri="*0:0:0:0:0:ffff*"
| stats count by src_ip, uri, _time
index=network_logs dest_ip="169.254.169.254"
| stats count by src_ip, dest_ip

ELK / OpenSearch (KQL)

url.path:*::ffff:* OR url.full:*0:0:0:0:0:ffff*
destination.ip:169.254.169.254

Generic Firewall Query Logic

Alert if:

  • Source = OpenClaw server
  • Destination IP in private ranges
  • Protocol = HTTP/HTTPS
  • Triggered shortly after inbound user request

Suricata IDS Rule

alert http any any -> any any (
    msg:"Possible SSRF IPv4-mapped IPv6 attempt";
    http_uri;
    content:"::ffff:";
    nocase;
    sid:900001;
    rev:1;
)

Risk Assessment

The primary risk lies in data exposure.

If cloud metadata were accessed, temporary IAM credentials could have been retrieved.
If internal APIs were reachable, further lateral movement might have been possible.
If administrative interfaces were exposed locally, privilege escalation might have occurred.

The attack does not directly modify data but can enable secondary compromise.

Remediation

1. Upgrade Immediately

Upgrade to version:

2026.2.14 or later

Official patch:
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14

2. Implement Egress Filtering

Block outbound traffic from application servers to:

  • Loopback
  • Private ranges
  • Link-local
  • Metadata endpoints

Unless explicitly required.

3. Enforce Canonicalization

Ensure all IP inputs are:

  • Parsed
  • Normalized
  • Resolved
  • Re-validated after DNS resolution

Before outbound requests are allowed.

4. Disable Metadata Access

If running in cloud:

  • Require IMDSv2 (AWS)
  • Restrict metadata endpoint access via firewall
  • Use instance profiles with minimal permissions

5. Logging and Alerting

Enable detailed outbound request logging.
Baseline expected outbound destinations.
Alert on anomalies.

Incident Response Guidance

If exploitation is suspected:

  1. Patch immediately.
  2. Review logs for IPv6 bracket patterns.
  3. Check for metadata endpoint access.
  4. Rotate cloud credentials.
  5. Review internal API access logs.
  6. Inspect outbound HTTP history.

Summary

CVE-2026-26324 resulted from incomplete IP validation logic.
IPv4-mapped IPv6 addresses bypassed SSRF restrictions.
The vulnerability allowed unauthorized access to internal resources.
No authentication was required.
The attack was simple to execute once understood.

The permanent fix is available in version 2026.2.14.

Timely patching and outbound network restrictions are strongly recommended.

Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.