CVE-2026-45000 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulnCheck	CNA	5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
openclaw	openclaw	𝑥 < 2026.4.20	CNA

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Vulnerability Media Exposure

[GERMAN] OpenClaw: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren oder offenzulegen.
Published: 2026-04-21T22:00:00+00:00

References

https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7

https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf

https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm

https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-browser-cdp-profile-creation