EUVD-2026-13017
GHSA-g99v-8hwm-g76g
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
4Description
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations.
Analysis
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery (SSRF) vulnerability in the web_search citation redirect resolution component that permits requests to private network ranges. Authenticated attackers with low privileges can manipulate citation redirect targets to force the OpenClaw server to make requests to loopback addresses, private networks, or internal infrastructure, potentially accessing sensitive internal services or data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: inventory all OpenClaw deployments and their current versions; audit user access logs for suspicious citation redirect activity. Within 7 days: implement network segmentation to restrict OpenClaw server outbound access to only necessary external services; deploy WAF rules to block malicious citation redirect payloads; disable the web_search citation feature if not business-critical. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today