CVE-2026-22181
EPSS: 0.07%
OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured
Description
### Summary

`openclaw` web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (`HTTP_PROXY`/`HTTPS_PROXY`/`ALL_PROXY`, including lowercase variants). In affected builds, strict URL checks (for example `web_fetch` and citation redirect resolution) validated one destination during SSRF guard checks, but runtime connection routing could proceed through an env-proxy dispatcher.

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Vulnerable version range: `<= 2026.3.1`
- Latest published npm version at triage time (2026-03-02): `2026.3.1`
- Patched versions: `>= 2026.3.2` (released)

### Technical Details

The SSRF guard performed hostname resolution and policy checks, then selected a request dispatcher. When env proxy settings were present, strict web-tool flows could use `EnvHttpProxyAgent` instead of the DNS-pinned dispatcher. This created a destination-binding gap between check-time resolution and connect-time routing: the address the guard validated was not necessarily the address the connection was made to. The fix keeps DNS pinning on strict/untrusted web-tool URL paths and limits env-proxy bypass behavior to trusted/operator-controlled endpoints via an explicit dangerous opt-in.

### Impact

In deployments with env proxy variables configured, attacker-influenced URLs from web tools could be routed through proxy behavior instead of strict pinned-destination routing, which could allow access to internal/private targets reachable from that proxy environment.

### Mitigations

Before upgrading, operators can reduce exposure by clearing proxy env vars for OpenClaw runtime processes or disabling `web_fetch` / `web_search` where untrusted URL input is possible.

### Fix Commit(s)

- `345abf0b2e0f43b0f229e96f252ebf56f1e5549e`
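The check-time versus connect-time gap described above, as an added illustration that is not OpenClaw's own code: the guard resolves and approves one address, a vulnerable dispatcher selection then lets any proxy env var replace the pinned route, and the hardened selection keeps the pin unless the endpoint is trusted and a dangerous opt-in is set. The lookup table, the private-range policy and the dispatcher descriptors are constructed stand-ins, not the project's API.

```javascript
// Added illustration, not OpenClaw's own code: models the check-time vs
// connect-time destination-binding gap and the pinned-by-default fix.
const PROXY_VARS = ["HTTP_PROXY", "HTTPS_PROXY", "ALL_PROXY"];

// True when any env proxy variable is set, including lowercase variants.
function hasEnvProxy(env) {
  return PROXY_VARS.some((k) => Boolean(env[k] || env[k.toLowerCase()]));
}

// Constructed SSRF policy: reject loopback, link-local and RFC 1918 IPv4.
function isPrivateIPv4(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Check-time step: resolve once via a caller-supplied lookup table (a
// constructed stand-in for DNS) and return the single pinned address.
function resolveAndCheck(hostname, lookup) {
  const ip = lookup[hostname];
  if (!ip) throw new Error(`unresolvable host: ${hostname}`);
  if (isPrivateIPv4(ip)) throw new Error(`blocked private destination: ${ip}`);
  return ip;
}

// Dispatchers are modelled as descriptors of where the socket will go.
const pinned = (hostname, ip) => ({ kind: "pinned", hostname, connectTo: ip });
const envProxy = (env) => ({
  kind: "env-proxy", // the proxy re-resolves the name itself; the pin is lost
  via: PROXY_VARS.map((k) => env[k] || env[k.toLowerCase()]).find(Boolean),
});

// Vulnerable shape: a proxy env var silently replaces the pinned dispatcher
// after the guard has already approved one specific address.
function selectDispatcherVulnerable(hostname, ip, env) {
  return hasEnvProxy(env) ? envProxy(env) : pinned(hostname, ip);
}

// Hardened shape: strict/untrusted paths always keep DNS pinning; the env
// proxy is honoured only for trusted endpoints with an explicit dangerous opt-in.
function selectDispatcherHardened(hostname, ip, env, opts = {}) {
  const { trusted = false, dangerousAllowEnvProxy = false } = opts;
  if (hasEnvProxy(env) && trusted && dangerousAllowEnvProxy) return envProxy(env);
  return pinned(hostname, ip);
}

// Constructed sample: operator shell exports HTTPS_PROXY; URL host is untrusted.
const sampleEnv = { HTTPS_PROXY: "http://proxy.internal:3128" };
const sampleIp = resolveAndCheck("example.com", { "example.com": "93.184.216.34" });
console.log(selectDispatcherVulnerable("example.com", sampleIp, sampleEnv).kind); // env-proxy
console.log(selectDispatcherHardened("example.com", sampleIp, sampleEnv).kind); // pinned
```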
Affected packages (1)
- npm/openclaw: from 0, < 2026.3.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-22181
- PATCH: https://github.com/openclaw/openclaw
- WEB: https://github.com/openclaw/openclaw/commit/345abf0b2e0f43b0f229e96f252ebf56f1e5549e
- WEB: https://github.com/openclaw/openclaw/security/advisories/GHSA-8mvx-p2r9-r375
- WEB: https://www.vulncheck.com/advisories/openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch