Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
6DescriptionCVE.org
OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in web_search citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger internal-network requests from the OpenClaw gateway host.
AnalysisAI
OpenClaw contains a server-side request forgery (SSRF) vulnerability in its web search citation redirect resolution mechanism that allows unauthenticated remote attackers to trigger requests to internal network destinations from the OpenClaw gateway host. OpenClaw versions prior to 2026.3.1 are affected. Attackers who can influence citation redirect targets can exploit this to access private network resources, with a CVSS score of 8.3 indicating high severity with low complexity and no privileges required.
Technical ContextAI
This vulnerability affects OpenClaw (CPE: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*), which appears to be a web-based application with citation or search functionality. The issue is classified as CWE-918 (Server-Side Request Forgery), a vulnerability class where an application can be manipulated to make HTTP requests to arbitrary destinations chosen by the attacker. In this case, the flaw exists in the citation redirect resolution component of the web search functionality, where the application follows redirects without proper validation of the target destination. This allows attackers to abuse the server as a proxy to access internal network resources that would normally be unreachable from external networks, bypassing firewall protections and network segmentation.
RemediationAI
Upgrade OpenClaw to version 2026.3.1 or later, which addresses the SSRF vulnerability in citation redirect resolution (see GitHub advisory https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g). As an interim mitigation before patching, implement network segmentation to restrict the OpenClaw gateway host's access to internal networks using firewall rules or security groups, limiting outbound connections to only necessary external destinations. Deploy a web application firewall (WAF) with rules to detect and block SSRF attempts by monitoring for suspicious redirect targets, private IP addresses (RFC 1918 ranges), localhost references, and cloud metadata endpoints. Review application logs for any suspicious citation redirect activity that may indicate reconnaissance or exploitation attempts.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14582
GHSA-m9v8-cr49-xcmg