OpenClaw Server-Side Request Forgery Vulnerability in fal Provider
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.3.28. The issue resides in the fal provider's image-generation component, which downloads images from the URL the fal relay returns without validating where that URL points, so the fetch can be directed at internal addresses. A malicious or compromised fal relay can use this to retrieve internal service metadata and responses and have them surfaced through the image-processing pipeline.
Impact
Exploitation of this vulnerability could give an attacker unauthorized reach into internal URLs and services, exposing sensitive metadata and service responses.
Reproduction
The vulnerability can be reproduced by routing an image-generation request through a fal relay that answers with internal URLs as image locations. Because the fal provider's image-download fetch is unguarded, the server retrieves those URLs on the relay's behalf, and the relay can then read internal service metadata and responses back through the image pipeline.
Remediation
Users can update to OpenClaw version 2026.3.28 or later, where this vulnerability has been patched.
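As an added illustration of the guard this class of bug calls for (example code written for this page, not OpenClaw's or fal's own fix), the check below vets an image URL handed back by an untrusted relay before the server fetches it, rejecting any target that resolves to a loopback, private, link-local or other non-global address. The resolver is injectable, and STUB_DNS is a constructed lookup table so the demo runs offline.

```python
# Added example (not OpenClaw's or fal's own code): vet a relay-supplied image
# URL before fetching; STUB_DNS is a constructed table so this runs offline.
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # no file:, gopher:, or plain http

STUB_DNS = {  # constructed; a real deployment passes system_resolver
    "cdn.example": ["93.184.216.34"],
    "internal.svc": ["10.0.0.5"],
    "rebind.example": ["93.184.216.34", "169.254.169.254"],  # mixed records
}

def stub_resolver(host: str) -> list[str]:
    return STUB_DNS.get(host, [])

def system_resolver(host: str) -> list[str]:
    # Every A/AAAA record via the OS resolver (needs network access)
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_forbidden(ip: str) -> bool:
    # True unless globally routable; unwraps ::ffff:a.b.c.d so IPv4-mapped
    # loopback, private and metadata (169.254.169.254) addresses are caught
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global

def reject_reason(url: str,
                  resolver: Callable[[str], Iterable[str]] = system_resolver) -> Optional[str]:
    # Why the URL must not be fetched, or None if every check passed.
    # Every address the host resolves to must pass, not only the first.
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return "missing host"
    try:
        ipaddress.ip_address(host)
        targets = [host]  # literal IP: no DNS lookup
    except ValueError:
        targets = list(resolver(host))
    if not targets:
        return f"{host!r} did not resolve"
    for ip in targets:
        if is_forbidden(ip):
            return f"{host!r} resolves to non-global address {ip}"
    return None
```

The check is only as strong as the fetch that follows it: disable redirect following or re-run the check on every hop, and pin the connection to a vetted address so a DNS answer cannot change between the check and the fetch.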