OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.