Vulnerability DatabaseCVE-2026-22181
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-22181
March 18, 2026
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY environment variables are present, attacker-influenced URLs can be routed through proxy behavior instead of pinned-destination routing, enabling access to internal targets reachable from the proxy environment.
Affected Packages
openclaw (NPM):
Affected version(s) >=0.0.1 <2026.3.2
Fix Suggestion:
Update to version 2026.3.2
Related ResourcesĀ (5)
https://github.com/openclaw/openclaw/security/advisories/GHSA-8mvx-p2r9-r375
https://github.com/openclaw/openclaw
https://www.vulncheck.com/advisories/openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch
https://nvd.nist.gov/vuln/detail/CVE-2026-22181
https://github.com/openclaw/openclaw/commit/345abf0b2e0f43b0f229e96f252ebf56f1e5549e
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-367
EPSS
Base Score:
0.04