OpenClaw Server-Side Request Forgery Vulnerability in Marketplace Plugin

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The flaw resides in the marketplace plugin's download functionality, which passes an untrusted URL to an unguarded fetch() call, allowing remote attackers to make arbitrary network requests from the server. An attacker who controls that URL can potentially reach internal resources or interact with external services on behalf of the affected system.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make requests from the server to internal or external resources, potentially leading to unauthorized access or information disclosure.

Reproduction

The vulnerability can be reproduced by running an affected version of OpenClaw and initiating a marketplace plugin download whose source is an untrusted URL. This reaches the unguarded fetch() call, causing the server to issue a request to whatever destination the URL names.

Remediation

Users can upgrade to OpenClaw version 2026.3.31 or later to address this vulnerability.

Added: Apr 21, 2026, 12:38 AM
Updated: Apr 21, 2026, 12:38 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.1
remediation     0.0
relevance       6.4
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.