Description
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive downloads, enabling remote attackers to redirect requests to arbitrary internal or external servers.
Published: 2026-04-20
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Apply Patch
AI Analysis

Impact

A server‑side request forgery flaw exists in OpenClaw before version 2026.3.31 in the marketplace plugin download path. Because the marketplace.ts module does not limit where a redirect can point, an attacker can supply a URL that is redirected to an arbitrary internal or external server. The result is that the OpenClaw server, acting as an intermediary, will send requests to the attacker‑controlled target, leaking information about the internal network and possibly exposing services that should be internal only. The primary consequence is the compromise of confidentiality and potential lateral movement within the internal infrastructure.

Affected Systems

The affected product is OpenClaw running in a Node.js environment, specifically all releases older than 2026.3.31. Deployments of these versions with the marketplace plugin download feature enabled are vulnerable.

Risk and Exploitability

The CVSS score of 4.8 classifies the vulnerability as medium severity. No EPSS figure is available, and it is not listed in the CISA KEV catalog. The vulnerability appears exploitable over the network via the marketplace download redirect endpoint and does not require elevated privileges on the target application. Given the lack of evidence for widespread exploitation, the immediate risk is moderate, but any internal service reachable from the OpenClaw host remains susceptible to following the forged requests.

Generated by OpenCVE AI on April 21, 2026 at 15:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.3.31 or later where the redirect limitation has been applied
  • Configure outbound firewall or proxy rules to block OpenClaw from initiating connections to internal networks or to only allow traffic to known trusted services
  • If an update cannot be applied immediately, disable the marketplace plugin or block the download redirect endpoint until the patch is installed
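The following TypeScript is an added example written for this page; it is not OpenClaw's marketplace.ts and does not reproduce the vendor's fix. It shows the control the advisory says was missing: instead of letting the HTTP client follow redirects on its own, the downloader is driven with redirects disabled and every Location header is checked (scheme, credentials, internal hostnames, loopback/private/link-local/metadata address literals, optional host allowlist, hop limit) before the next request is issued. The hostnames, the in-memory fake server and the allowlist are all constructed for the demonstration.

```typescript
// Added example, not OpenClaw's marketplace.ts: follow archive-download redirects
// one hop at a time and vet each Location header before requesting it.
// All hostnames, the fake server and the allowlist below are constructed.

const MAX_REDIRECTS = 3;

const IPV4_LITERAL = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True for address literals a server-side fetch should never reach: loopback,
// RFC 1918, link-local (including the 169.254.169.254 cloud metadata address),
// CGNAT, multicast/reserved, and their IPv6 equivalents.
export function isBlockedAddress(host: string): boolean {
  const v4 = IPV4_LITERAL.exec(host);
  if (v4) {
    const [a, b] = v4.slice(1, 3).map(Number);
    return (
      a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) ||
      (a === 100 && b >= 64 && b <= 127) ||
      a >= 224
    );
  }
  if (host.includes(":")) {
    const v6 = host.toLowerCase();
    if (v6 === "::1" || v6 === "::") return true;                // loopback / unspecified
    if (/^fe[89ab]/.test(v6) || /^f[cd]/.test(v6)) return true;  // link-local / ULA
    if (v6.startsWith("::ffff:")) {                              // IPv4-mapped, dotted or hex form
      const rest = v6.slice(7);
      if (rest.includes(".")) return isBlockedAddress(rest);
      const [hi, lo] = rest.split(":").map((g) => parseInt(g, 16));
      return isBlockedAddress(`${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`);
    }
  }
  return false;
}

export interface RedirectCheck { ok: boolean; url?: URL; reason?: string; }

// Decide whether a Location value (possibly relative) may be fetched next.
// The WHATWG URL parser normalises tricks such as decimal or octal IPv4 forms
// into dotted hostnames, so the literal checks above see the canonical form.
export function checkRedirectTarget(location: string, from: string, allowedHosts?: string[]): RedirectCheck {
  let url: URL;
  try { url = new URL(location, from); } catch { return { ok: false, reason: "unparseable Location" }; }
  if (url.protocol !== "https:") return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();   // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost") || host.endsWith(".internal") || host.endsWith(".local")) {
    return { ok: false, reason: `internal hostname ${host}` };
  }
  if (isBlockedAddress(host)) return { ok: false, reason: `blocked address ${host}` };
  if (allowedHosts && !allowedHosts.includes(host)) return { ok: false, reason: `host ${host} not in allowlist` };
  return { ok: true, url };
}

export interface HeadResponse { status: number; location?: string; }

// Manual redirect loop. `head` stands in for an HTTP client invoked with
// redirects disabled (e.g. fetch's `redirect: "manual"`); each hop is vetted
// before it is requested, and the chain is capped at MAX_REDIRECTS.
export function resolveArchiveUrl(start: string, head: (url: string) => HeadResponse, allowedHosts?: string[]): string {
  const first = checkRedirectTarget(start, start, allowedHosts);
  if (!first.ok) throw new Error(`refusing start URL: ${first.reason}`);
  let current = first.url!.toString();
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const resp = head(current);
    if (resp.status >= 300 && resp.status < 400) {
      if (!resp.location) throw new Error("redirect without Location");
      const next = checkRedirectTarget(resp.location, current, allowedHosts);
      if (!next.ok) throw new Error(`refusing redirect to ${resp.location}: ${next.reason}`);
      current = next.url!.toString();
      continue;
    }
    if (resp.status === 200) return current;
    throw new Error(`unexpected status ${resp.status}`);
  }
  throw new Error(`more than ${MAX_REDIRECTS} redirects`);
}

// Constructed in-memory "server" so the example runs offline.
export const fakeServer: Record<string, HeadResponse> = {
  "https://plugins.example.com/widget.tgz":   { status: 302, location: "https://cdn.example.com/widget-1.0.tgz" },
  "https://cdn.example.com/widget-1.0.tgz":   { status: 200 },
  "https://plugins.example.com/metadata.tgz": { status: 302, location: "http://169.254.169.254/latest/meta-data/" },
  "https://plugins.example.com/lan.tgz":      { status: 302, location: "https://10.0.0.5/share/widget.tgz" },
  "https://plugins.example.com/loop.tgz":     { status: 302, location: "/loop.tgz" },
};
export const fakeHead = (url: string): HeadResponse => fakeServer[url] ?? { status: 404 };
```

Calling `resolveArchiveUrl("https://plugins.example.com/widget.tgz", fakeHead)` returns the CDN URL, while the metadata, LAN and looping chains throw before any forbidden request is made. Two caveats for a real deployment: the literal checks do not cover hostnames that resolve to internal addresses, so production code must also resolve the name, apply `isBlockedAddress` to every resolved address and connect to that address (not re-resolve it, to avoid DNS rebinding); and the outbound firewall or proxy rule from the recommended actions remains the backstop if the application-level check is bypassed.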

Advisories
Source: Github GHSA
ID: GHSA-vjx8-8p7h-82gr
Title: OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
History

Tue, 21 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 23:30:00 +0000

Values Added (no values removed):

Description: OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive downloads, enabling remote attackers to redirect requests to arbitrary internal or external servers.
Title: OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect
First Time appeared: Openclaw; Openclaw openclaw
Weaknesses: CWE-918
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw; Openclaw openclaw
References:
Metrics: cvssV3_1 {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N'}
Metrics: cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T13:41:34.057Z

Reserved: 2026-04-20T14:01:13.151Z

Link: CVE-2026-41297

Vulnrichment

Updated: 2026-04-21T13:41:30.720Z

NVD

Status: Analyzed

Published: 2026-04-21T00:16:30.163

Modified: 2026-04-27T15:05:17.153

Link: CVE-2026-41297

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses