OpenClaw Server-Side Request Forgery Vulnerability in Marketplace Plugin Download Functionality
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The issue resides within the marketplace plugin's download feature, where the marketplace.ts module fails to validate redirect destinations during archive downloads. This oversight allows remote attackers to redirect requests to arbitrary internal or external servers, potentially accessing sensitive resources.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the server to make requests on its behalf, potentially accessing internal resources or services.
Reproduction
The vulnerability can be reproduced by downloading a marketplace archive from a server that the OpenClaw instance is running on. The download process will follow unvalidated redirects, allowing for the interception or manipulation of the request.
Remediation
Users can update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.