LOW 3.1 npm
OpenClaw SSRF guard misses four IPv6 special-use ranges
GHSA-g86v-f9qv-rh6m
Description
Summary
The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed.
Impact
An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard.
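The advisory does not list the four ranges that the guard missed, so the following added example (not OpenClaw's code, and not the contents of the fix commit) shows what a complete IPv6 special-use check looks like for an SSRF guard: parse the literal, then match it against the whole IANA IPv6 Special-Purpose Address Registry (RFC 6890 and successors) rather than a hand-picked subset. The function names `parseIPv6`, `classifyIPv6` and `isFetchableIPv6` are hypothetical, and the range table is constructed here from the public registry.

```typescript
// Added example: defensive IPv6 classifier for an SSRF guard.
// Not OpenClaw's code. Range table constructed from the IANA IPv6
// Special-Purpose Address Registry; names are illustrative.

type Groups = number[]; // eight 16-bit hextets, most significant first

function parseIPv4(s: string): [number, number, number, number] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number) as [number, number, number, number];
  return o.every((n) => n <= 255) ? o : null;
}

// Parse an IPv6 literal (with optional [brackets], %zone and an embedded
// dotted-quad tail such as ::ffff:10.0.0.1). Returns null for malformed input,
// which a guard must treat as "not fetchable", never as "public".
export function parseIPv6(text: string): Groups | null {
  let s = text.trim();
  if (s.startsWith("[") && s.endsWith("]")) s = s.slice(1, -1);
  const zone = s.indexOf("%");
  if (zone !== -1) s = s.slice(0, zone);
  if (s.split("::").length > 2) return null; // at most one "::"
  const idx = s.indexOf("::");
  const head = idx === -1 ? s : s.slice(0, idx);
  const tail: string | null = idx === -1 ? null : s.slice(idx + 2);

  const parseSide = (side: string): Groups | null => {
    if (side === "") return [];
    const out: Groups = [];
    const parts = side.split(":");
    for (let i = 0; i < parts.length; i++) {
      const p: string = parts[i] ?? "";
      if (i === parts.length - 1 && p.includes(".")) {
        const v4 = parseIPv4(p); // embedded IPv4 occupies the last two groups
        if (!v4) return null;
        out.push((v4[0] << 8) | v4[1], (v4[2] << 8) | v4[3]);
      } else {
        if (!/^[0-9a-fA-F]{1,4}$/.test(p)) return null;
        out.push(parseInt(p, 16));
      }
    }
    return out;
  };
  const h = parseSide(head);
  const t = tail === null ? [] : parseSide(tail);
  if (!h || !t) return null;
  if (tail === null) return h.length === 8 ? h : null;
  const missing = 8 - h.length - t.length;
  if (missing < 1) return null; // "::" must stand for at least one zero group
  return [...h, ...new Array(missing).fill(0), ...t];
}

// True when the first `bits` bits of addr equal those of prefix.
function inPrefix(addr: Groups, prefix: Groups, bits: number): boolean {
  for (let i = 0; i < 8; i++) {
    const remaining = bits - i * 16;
    if (remaining <= 0) return true;
    const mask = remaining >= 16 ? 0xffff : (0xffff << (16 - remaining)) & 0xffff;
    if (((addr[i] ^ prefix[i]) & mask) !== 0) return false;
  }
  return true;
}

// Special-use ranges a fetcher must not reach. Order matters: /128 entries
// come before the deprecated ::/96 block that contains them.
const SPECIAL_USE: Array<[string, number, string]> = [
  ["::", 128, "unspecified"],
  ["::1", 128, "loopback"],
  ["::", 96, "ipv4-compatible (deprecated)"],
  ["::ffff:0:0", 96, "ipv4-mapped"],
  ["64:ff9b::", 96, "nat64 well-known prefix"],
  ["64:ff9b:1::", 48, "nat64 local-use"],
  ["100::", 64, "discard-only"],
  ["2001::", 32, "teredo"],
  ["2001:2::", 48, "benchmarking"],
  ["2001:db8::", 32, "documentation"],
  ["2001:10::", 28, "orchid (deprecated)"],
  ["2001:20::", 28, "orchidv2"],
  ["2002::", 16, "6to4"],
  ["fc00::", 7, "unique local"],
  ["fe80::", 10, "link-local"],
  ["fec0::", 10, "site-local (deprecated)"],
  ["ff00::", 8, "multicast"],
];
const TABLE = SPECIAL_USE.map(([p, bits, name]) => ({ prefix: parseIPv6(p) as Groups, bits, name }));

// Returns "invalid", the name of the first matching special-use range, or "public".
export function classifyIPv6(text: string): string {
  const addr = parseIPv6(text);
  if (!addr) return "invalid";
  for (const { prefix, bits, name } of TABLE) {
    if (inPrefix(addr, prefix, bits)) return name;
  }
  return "public";
}

// The guard's decision: only addresses outside every special-use range may be fetched.
export function isFetchableIPv6(text: string): boolean {
  return classifyIPv6(text) === "public";
}
```

Two design choices are worth noting. Addresses that embed an IPv4 address (IPv4-mapped, NAT64, 6to4) are rejected outright instead of being unwrapped and re-checked against the IPv4 rules; that is stricter than necessary but removes a class of bypasses where the IPv4 guard and IPv6 guard disagree. Unparseable input is also rejected rather than passed through, since a parser gap is exactly how a range ends up "treated as public".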
Affected Component
src/shared/net/ip.ts, src/infra/net/ssrf.*
Fixed Versions
- Affected: <= 2026.3.24
- Patched: >= 2026.3.28
- Latest stable: 2026.3.28 contains the fix.
Fix
Fixed by commit d61f8e5672 (Net: block missing IPv6 special-use ranges).
OpenClaw thanks @nicky-cc of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.