CVE-2026-22181

Description

### Summary `openclaw` web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (`HTTP_PROXY`/`HTTPS_PROXY`/`ALL_PROXY`, including lowercase variants). In affected builds, strict URL checks (for example `web_fetch` and citation redirect resolution) validated one destination during SSRF guard checks, but runtime connection routing could proceed through an env-proxy dispatcher. ### Affected Packages / Versions - Package: `openclaw` (npm) - Vulnerable version range: `<= 2026.3.1` - Latest published npm version at triage time (2026-03-02): `2026.3.1` - Patched versions: `>= 2026.3.2` (released) ### Technical Details The SSRF guard performed hostname resolution and policy checks, then selected a request dispatcher. When env proxy settings were present, strict web-tool flows could use `EnvHttpProxyAgent` instead of the DNS-pinned dispatcher. This created a destination-binding gap between check-time resolution and connect-time routing. The fix keeps DNS pinning on strict/untrusted web-tool URL paths and limits env-proxy bypass behavior to trusted/operator-controlled endpoints via an explicit dangerous opt-in. ### Impact In deployments with env proxy variables configured, attacker-influenced URLs from web tools could be routed through proxy behavior instead of strict pinned-destination routing, which could allow access to internal/private targets reachable from that proxy environment. ### Mitigations Before upgrading, operators can reduce exposure by clearing proxy env vars for OpenClaw runtime processes or disabling `web_fetch` / `web_search` where untrusted URL input is possible. ### Fix Commit(s) - `345abf0b2e0f43b0f229e96f252ebf56f1e5549e`

How to fix CVE-2026-22181

To remediate CVE-2026-22181, upgrade the affected package to a fixed version below.

• —upgrade to 2026.3.2 or later

Is CVE-2026-22181 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)