Primary

Context

OpenClaw Server-Side Request Forgery Vulnerability in Citation Redirect Resolution

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.3.1. This vulnerability arises in the 'web_search' citation redirect resolution, which improperly allows requests to private, internal, or loopback addresses. An attacker who can manipulate citation redirect targets could exploit this to send requests from the OpenClaw server to internal network destinations.

Impact

Exploitation of this vulnerability could allow an attacker to trigger internal network requests from the OpenClaw host, potentially accessing sensitive resources or services.

Remediation

Users can upgrade to OpenClaw version 2026.3.1 or later to address this vulnerability. The patched version now employs a strict server-side request forgery policy that blocks redirects to private, internal, or loopback destinations.

Added: Mar 19, 2026, 2:29 AM

Updated: Mar 19, 2026, 2:29 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.0

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.0

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenClaw Server-Side Request Forgery Vulnerability in Citation Redirect Resolution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating