OpenClaw SSRF Flaws Expose Internal Services Through Citation Redirects and Image Fetches
OpenClaw disclosed two high-severity server-side request forgery vulnerabilities affecting versions prior to 2026.3.1 and 2026.3.28. CVE-2026-32902 impacts web_search citation redirect resolution, where attacker-influenced redirect targets can cause the OpenClaw gateway host to send requests to private-network destinations. The issue is tracked as CWE-918 and was assigned a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L, indicating remote exploitation without privileges or user interaction.
Timeline
Mar 31, 2026
CVE-2026-34504 disclosed for OpenClaw fal provider SSRF
CVE-2026-34504 was disclosed for a server-side request forgery vulnerability affecting OpenClaw versions before 2026.3.28. On the disclosure date, VulnCheck records show the CVE was first received with an initial CVSS score and then updated the same day to a higher-impact CVSS vector with changed scope.
Mar 28, 2026
OpenClaw fixes fal provider SSRF in version 2026.3.28
An OpenClaw code change referenced by the disclosure addressed an SSRF issue in the fal provider's image download handling, affecting versions before 2026.3.28. The flaw could allow a malicious or compromised fal relay to fetch internal URLs and expose internal service metadata through the image pipeline.
Mar 23, 2026
CVE-2026-32902 recorded for OpenClaw citation redirect SSRF
A new CVE, CVE-2026-32902, was recorded for a server-side request forgery vulnerability affecting OpenClaw versions before 2026.3.1. The flaw in web_search citation redirect resolution could let attackers induce the OpenClaw gateway host to send requests to private-network destinations.
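Both flaws share one root cause: the gateway fetches a URL (a citation redirect target or a fal-relayed image URL) that an external party can steer to an internal address. As an added defensive example, not OpenClaw's own code, the check below validates every hop of a redirect chain against non-public address space before it is requested. The HTTP client and DNS resolver are injected callables, and the hostnames, addresses and responses are constructed stand-ins so it runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5  # assumption: bound the chain so a relay cannot loop the fetcher

def is_public_address(ip):
    """Globally routable unicast only; ::ffff:10.0.0.1 is judged as 10.0.0.1."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def check_destination(url, resolve):
    """Return the host if every address it maps to is public, else raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url}")
    host = parts.hostname
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise ValueError(f"{host} does not resolve")
    for ip in addrs:  # one private record among public ones is still a rejection
        if not is_public_address(ip):
            raise ValueError(f"{url} maps to non-public address {ip}")
    return host

def fetch_with_guard(url, fetch, resolve, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time, re-validating each target before requesting it."""
    for _ in range(max_hops + 1):
        check_destination(url, resolve)
        status, value = fetch(url)  # fetch(url) -> (status, location_or_body)
        if status not in REDIRECT_CODES:
            return url, value
        url = urljoin(url, value)  # Location may be relative
    raise ValueError("redirect chain exceeds limit")

# Constructed offline stand-ins for DNS and HTTP; not real services.
FAKE_DNS = {"cdn.example.org": ["93.184.216.34"],
            "split.example.net": ["93.184.216.34", "10.0.0.5"]}  # mixed answer
FAKE_HTTP = {"https://cdn.example.org/img.png": (200, b"PNG"),
             "https://cdn.example.org/go": (302, "http://127.0.0.1:8080/admin")}

def fake_resolve(host):
    return FAKE_DNS.get(host, [])
def fake_fetch(url):
    return FAKE_HTTP[url]
```

The guard must run at each hop and resolve names itself; letting the HTTP client follow redirects on its own is exactly what lets a public first URL land on a loopback or private destination.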
Related Stories

OpenClaw Flaws Allowed Authentication Bypass and Admin Privilege Escalation
OpenClaw disclosed two high-severity vulnerabilities affecting versions before `2026.2.21` and `2026.3.25`, exposing gateway routes to unauthorized access and privilege escalation. **CVE-2026-32045** is an authentication bypass in HTTP gateway routes caused by incorrect application of tokenless Tailscale header authentication, allowing attackers on trusted networks to reach protected routes without valid tokens or passwords. The issue is tracked as `CWE-290` and carries a CVSS v3.1 vector of `AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`, indicating a confidentiality-focused impact.
3 weeks ago
OpenClaw Flaws Let Authenticated Users Escalate Privileges and Bypass Authorization
Two high-severity vulnerabilities in OpenClaw exposed paths for authenticated users to gain access beyond their intended roles. **CVE-2026-32042** affects versions before `2026.2.25` and allows an attacker with valid shared gateway authentication to present a self-signed, unpaired device identity and bypass pairing requirements, then self-assign elevated operator scopes including `operator.admin`. The issue is classified as `CWE-863` and effectively turns a trusted but unapproved device identity into a route for privilege escalation. A second flaw, **CVE-2026-32051**, affects OpenClaw versions before `2026.3.1` and allows users with `operator.write` scope to reach owner-only tool surfaces such as gateway and cron through agent runs in scoped-token deployments. The authorization mismatch lets lower-privileged authenticated users perform control-plane actions that should be restricted to owners, creating high risk to confidentiality, integrity, and availability. Advisories for both issues point to fixes and security guidance through GitHub and VulnCheck.
1 week ago
OpenClaw Vulnerability Enables Token Exfiltration and One-Click RCE via Malicious Link
A high-severity flaw in **OpenClaw** (also known as *Clawdbot* / *Moltbot*) enables **one-click remote code execution (RCE)** by abusing how the Control UI auto-connects to a gateway specified via a crafted URL. The issue is tracked as **CVE-2026-25253** (CVSS **8.8**) and was fixed in **OpenClaw 2026.1.29**; the core weakness is that the UI trusts `gatewayUrl` from the query string and sends a stored gateway token in the WebSocket connection payload, allowing **token exfiltration** to an attacker-controlled server. With the stolen token, an attacker can connect to the victim’s local gateway and perform privileged actions—such as modifying configuration (e.g., sandbox/tool policies) and invoking privileged operations—resulting in **full gateway compromise** and RCE. Separate reporting also highlights architectural risk in OpenClaw’s local WebSocket-based Chrome orchestration, noting that (prior to patching) unauthenticated connections could be initiated from JavaScript running in a user’s browser, enabling cross-tab/session credential theft; users are advised to **patch immediately** and be cautious about deployment given ongoing security concerns.
1 month ago