GHSA-6MGF-V5J7-45CR: Sensitive Information Leak via Cross-Origin Redirects in OpenClaw
Vulnerability ID: GHSA-6MGF-V5J7-45CR
CVSS Score: 7.5
Published: 2026-03-09
OpenClaw versions prior to v2026.3.7 suffer from a sensitive information disclosure vulnerability in the fetch-guard component. During cross-origin HTTP redirects, custom authentication headers are improperly forwarded to untrusted domains due to an incomplete denylist validation approach.
TL;DR
A fail-open design in OpenClaw's fetch utility leaks custom API keys and tokens during cross-origin redirects.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-200
- Attack Vector: Network
- Severity: High
- Exploit Status: Proof of Concept (PoC)
- Vulnerability Type: Information Disclosure
- Remediation: Patch Available
Affected Systems
- OpenClaw fetch-guard component
- Applications utilizing fetchWithSsrFGuard
- OpenClaw: < v2026.3.7 (Fixed in: v2026.3.7)
Code Analysis
Commit: 4671537
Switch from denylist to strict allowlist for cross-origin redirect headers
Mitigation Strategies
- Implement strict allowlisting for HTTP headers across origin boundaries.
- Update the OpenClaw dependency to the patched version.
- Rotate any credentials potentially exposed by the vulnerable fetch utility.
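The difference between the fail-open denylist and the strict allowlist, as an added example that is not OpenClaw's own code: a redirect-header filter that keeps everything except known-sensitive names leaks a custom key, while one that keeps only explicitly safe names drops it. The header names, the allowlist contents and the sample request are assumptions.

```javascript
// Added illustration, not the OpenClaw fetch-guard source. Decides which
// request headers may follow a redirect to a different origin.

// Allowlist (assumed): non-credential headers that are safe to forward anywhere.
const SAFE_CROSS_ORIGIN_HEADERS = new Set([
  "accept", "accept-language", "user-agent", "content-type",
]);

// Denylist (assumed): the fail-open approach only knows these names, so any
// custom credential header it has never heard of is forwarded untouched.
const DENYLIST = new Set(["authorization", "cookie", "proxy-authorization"]);

// Origin = scheme + host + port (URL normalizes default ports to "").
function sameOrigin(a, b) {
  const u = new URL(a), v = new URL(b);
  return u.protocol === v.protocol && u.hostname === v.hostname && u.port === v.port;
}

// Header names are case-insensitive; compare them in lower case.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Behaviour before the fix: strip only denylisted names on cross-origin hops.
function redirectHeadersDenylist(fromUrl, toUrl, headers) {
  const h = normalize(headers);
  if (sameOrigin(fromUrl, toUrl)) return h;
  const out = {};
  for (const [k, v] of Object.entries(h)) if (!DENYLIST.has(k)) out[k] = v;
  return out;
}

// Hardened behaviour: on a cross-origin hop keep only allowlisted names, so an
// unrecognised header fails closed (is dropped) instead of leaking.
function redirectHeadersAllowlist(fromUrl, toUrl, headers) {
  const h = normalize(headers);
  if (sameOrigin(fromUrl, toUrl)) return h;
  const out = {};
  for (const [k, v] of Object.entries(h)) if (SAFE_CROSS_ORIGIN_HEADERS.has(k)) out[k] = v;
  return out;
}

// Constructed sample request: a call to a trusted API carrying a custom key.
const SAMPLE_HEADERS = {
  "X-Api-Key": "sk_EXAMPLE_PLACEHOLDER",
  Authorization: "Bearer EXAMPLE_PLACEHOLDER",
  Accept: "application/json",
};
```

With a redirect from https://api.example.com/v1 to https://cdn.untrusted.example/, the denylist version still forwards x-api-key while the allowlist version forwards only accept.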
Remediation Steps:
- Upgrade OpenClaw to version v2026.3.7 or later.
- Audit application logs for unexpected cross-origin redirects from trusted endpoints.
- Identify the usage of custom headers (e.g., X-Api-Key) within the application.
- Revoke and regenerate custom authentication tokens if exposure is suspected based on log analysis.