Impact
OpenClaw versions prior to 2026.3.31 omit browser-origin checks (validation of the Origin or Referer header against the site the operator UI is served from) on the HTTP operator endpoints when the application runs in trusted-proxy mode. Because the browser attaches the victim's ambient credentials to any request it sends to the operator host, a malicious web page can make the victim's browser issue authenticated, state-changing requests to those endpoints without the victim's knowledge. This is a Cross-Site Request Forgery weakness, categorized as CWE-352; a successful attack lets an attacker alter configuration or trigger operations as the logged-in operator, compromising the integrity of the system.
Affected Systems
All deployments of OpenClaw older than version 2026.3.31 that operate in trusted-proxy mode are affected, regardless of operating system or web-application environment. The vulnerability is in the HTTP operator API endpoints exposed by the application; deployments that do not use trusted-proxy mode are not described as affected.
Risk and Exploitability
The CVSS score of 2.3 indicates a low-severity vulnerability. The EPSS score of less than 1% suggests a very low likelihood of exploitation at present, and the vulnerability is not listed in CISA's KEV catalog. Nonetheless, exploitation is straightforward in principle: an attacker hosts a page that triggers a request from the victim's browser, and the browser supplies the credentials. The preconditions are that the instance runs in trusted-proxy mode, that the victim's browser holds valid credentials for the operator endpoints, and that the victim visits the attacker's page while those credentials are live. Because the attack is CSRF from a web browser, it requires user interaction or social engineering; it does not require the attacker to know or hold the operator's credentials.
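The following is an added illustration of the missing check, not OpenClaw's own code or fix. It shows a browser-origin check for state-changing operator requests behind a trusted reverse proxy, together with constructed request headers for a CSRF attempt, a legitimate operator-UI request, and the edge cases a practitioner must decide on (no Origin header at all, Referer-only clients, safe methods). The endpoint path, header values and hostnames are hypothetical. The trusted-proxy detail it demonstrates is that the expected origin must be derived from the proxy's forwarded headers, since the internal Host header no longer matches what the browser sees.

```javascript
"use strict";
// Added example (not OpenClaw's code): browser-origin check for operator
// endpoints served behind a trusted reverse proxy. All names are hypothetical.

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Origin the browser actually used. Behind a trusted proxy the TLS terminator
// rewrites Host, so the public origin comes from X-Forwarded-Proto/Host; those
// headers are only honoured when the proxy is trusted, otherwise Host is used.
function expectedOrigin(headers, trustProxy) {
  const h = (k) => (headers[k] || "").split(",")[0].trim();
  const proto = (trustProxy && h("x-forwarded-proto")) || "http";
  const host = (trustProxy && h("x-forwarded-host")) || h("host");
  return host ? `${proto}://${host}`.toLowerCase() : null;
}

function originOf(url) {
  try { return new URL(url).origin.toLowerCase(); } catch { return null; }
}

// Returns { allowed, reason }. Fails closed for state-changing requests whose
// provenance cannot be established. Header keys are expected lower-cased.
function checkBrowserOrigin(req, opts) {
  const { method, headers } = req;
  const { trustProxy = false, extraOrigins = [] } = opts || {};
  if (!STATE_CHANGING.has(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  const allowed = new Set(
    [expectedOrigin(headers, trustProxy), ...extraOrigins]
      .filter(Boolean).map((o) => o.toLowerCase()));

  // 1. Sec-Fetch-Site is set by the browser and cannot be altered by page script.
  const sfs = headers["sec-fetch-site"];
  if (sfs === "cross-site" || sfs === "same-site") {
    return { allowed: false, reason: `Sec-Fetch-Site: ${sfs}` };
  }
  if (sfs === "same-origin") {
    return { allowed: true, reason: "Sec-Fetch-Site: same-origin" };
  }
  // 2. Origin header. Browsers send the literal string "null" for opaque
  //    origins (sandboxed iframes, data: URLs); it never matches the allowlist.
  const origin = headers["origin"];
  if (origin) {
    return allowed.has(origin.toLowerCase())
      ? { allowed: true, reason: "Origin allowed" }
      : { allowed: false, reason: `Origin ${origin} not allowed` };
  }
  // 3. Referer fallback for clients that omit Origin.
  const ref = originOf(headers["referer"] || "");
  if (ref) {
    return allowed.has(ref)
      ? { allowed: true, reason: "Referer origin allowed" }
      : { allowed: false, reason: `Referer origin ${ref} not allowed` };
  }
  // 4. Neither header on a state-changing request: fail closed.
  return { allowed: false, reason: "no Origin or Referer on state-changing request" };
}

// Constructed requests as the proxy would forward them (hypothetical values).
const proxied = {
  host: "127.0.0.1:18789",                 // internal listener the proxy hits
  "x-forwarded-host": "ops.example.internal",
  "x-forwarded-proto": "https",
  cookie: "operator_session=EXAMPLE",      // ambient credential the browser attaches
};
const requests = {
  // Request triggered by an attacker-controlled page while the operator is logged in.
  csrf: { method: "POST", headers: { ...proxied, origin: "https://attacker.example", "sec-fetch-site": "cross-site" } },
  // Same action initiated from the operator UI itself.
  legit: { method: "POST", headers: { ...proxied, origin: "https://ops.example.internal", "sec-fetch-site": "same-origin" } },
  // Origin only, no Sec-Fetch-Site (older browser).
  originOnly: { method: "POST", headers: { ...proxied, origin: "https://ops.example.internal" } },
  // Referer only.
  refererOnly: { method: "POST", headers: { ...proxied, referer: "https://ops.example.internal/settings" } },
  // No provenance headers at all.
  noHeaders: { method: "POST", headers: { ...proxied } },
  // Read-only request: CSRF cannot change state, so it is let through.
  getRequest: { method: "GET", headers: { ...proxied, origin: "https://attacker.example", "sec-fetch-site": "cross-site" } },
};

function demo() {
  const out = {};
  for (const [name, req] of Object.entries(requests)) {
    out[name] = checkBrowserOrigin(req, { trustProxy: true });
  }
  // Pitfall: with trustProxy off, the expected origin is computed from the
  // internal Host header and a genuine operator-UI request is rejected.
  out.originOnlyNoProxyTrust = checkBrowserOrigin(requests.originOnly, { trustProxy: false });
  return out;
}

console.log(demo());
```

The check is layered on purpose: Sec-Fetch-Site gives a verdict that page script cannot influence, Origin covers browsers that omit Fetch Metadata, and Referer covers the remainder; a state-changing request with none of them is refused rather than assumed benign. The last case in `demo()` is the trusted-proxy angle: if the server compares against its internal Host instead of the forwarded public host, the legitimate UI is blocked, so the origin check and the proxy configuration have to be designed together.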
OpenCVE Enrichment
Github GHSA