CVE-2026-27488 | OpenClaw up to 2026.2.18 server-cron.ts fetch server-side request forgery (GHSA-w45g-5746-x9fp)

A vulnerability was found in OpenClaw up to 2026.2.18 and classified as critical. Affected is the function fetch of the file src/gateway/server-cron.ts. Executing a manipulation can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-27488. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More