New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 6.5 npm

Duplicate Advisory: Hostname checks could treat trailing-dot hosts inconsistently

GHSA-vqx6-6j84-2794

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-gxg4-2rrr-jhc7. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Ready to move

Start Securing

Free, no credit card | First findings in minutes