Source: GitHub Security Advisories
[openclaw] OpenClaw hardened cron webhook delivery against SSRF
By GitHub, February 21, 2026
**Affected Packages / Versions**

openclaw npm package versions <= 2026.2.17.

**Vulnerability**

Cron webhook delivery in `src/gateway/server-cron.ts` used `fetch()` directly, so webhook targets could reach private/metadata/internal endpoints without SSRF policy checks.

**Fix Commit(s)**

- 99db4d13e
- 35851cdaf

Thanks @Adam55A-code for reporting.

**References**

- https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp
- https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19
- https://github.com/advisories/GHSA-w45g-5746-x9fp
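The kind of SSRF policy check the advisory says was missing before `fetch()`, sketched as an added example; this is not OpenClaw's code or its actual fix. The function names are hypothetical, and the sketch assumes the caller has already resolved the webhook host and passes the addresses in the compressed form a resolver returns.

```javascript
// Added example; every name here is hypothetical, not OpenClaw's API.
function parseIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// True for loopback, private, link-local (cloud metadata lives at 169.254.169.254),
// CGNAT, multicast/reserved, and anything that is not a parseable IP (fail closed).
function isBlockedAddress(ip) {
  let addr = String(ip).toLowerCase();
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(addr);
  if (mapped) addr = mapped[1]; // IPv4-mapped IPv6: judge the embedded IPv4
  const v4 = parseIPv4(addr);
  if (v4) {
    const [a, b] = v4;
    return a === 0 || a === 10 || a === 127 || a >= 224 ||
      (a === 100 && b >= 64 && b <= 127) || // 100.64.0.0/10
      (a === 169 && b === 254) ||           // 169.254.0.0/16
      (a === 172 && b >= 16 && b <= 31) ||  // 172.16.0.0/12
      (a === 192 && b === 168);             // 192.168.0.0/16
  }
  if (!addr.includes(":")) return true; // not an IP literal
  return addr === "::" || addr === "::1" || addr.startsWith("::ffff:") ||
    /^f[cd]/.test(addr) ||    // fc00::/7 unique local
    /^fe[89ab]/.test(addr) || // fe80::/10 link-local
    /^ff/.test(addr);         // ff00::/8 multicast
}

// resolvedAddresses: every A/AAAA answer the caller obtained for the URL's host
// (or the literal itself when the host is already an IP).
function checkWebhookTarget(rawUrl, resolvedAddresses) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "invalid-url" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials" };
  if (resolvedAddresses.length === 0) return { ok: false, reason: "unresolved" };
  // One internal answer is enough to reject: the client may pick any of them.
  const bad = resolvedAddresses.find((a) => isBlockedAddress(a));
  if (bad) return { ok: false, reason: "blocked-address", address: bad };
  return { ok: true, pinnedAddress: resolvedAddresses[0] };
}
```

A delivery path using such a check must also connect to the vetted address rather than re-resolving the hostname, and repeat the check on every redirect hop.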
---
**[devsupporter commentary]**
This article is a recent development update provided by GitHub Security Advisories. To learn more about the related tools or technology, see the original link.
![[openclaw] OpenClaw hardened cron webhook delivery against SSRF](/assets/images/github_com_1771632183700.png)