Impact
The vulnerability permits leakage of operator-configured custom headers during streamable-http MCP server redirects. Attackers who can control or compromise an MCP endpoint can redirect client requests to attacker-controlled origins, thereby exfiltrating sensitive header values such as API keys or tenant-routing credentials. This information disclosure is identified as CWE-522 and can lead to credential compromise or unauthorized access depending on the exposed header content.
Affected Systems
Users running OpenClaw versions older than 2026.5.12 are affected. The vulnerability is present in all releases before 2026.5.12 of the OpenClaw product, regardless of deployment environment.
Risk and Exploitability
The CVSS score of 6.0 indicates a medium severity vulnerability. The EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires the attacker to have control over an MCP endpoint to inject redirects and capture custom headers; once achieved, header values can be exfiltrated to an external origin. The exposure is remote and does not require local system compromise, making it potentially attractive to attackers with partial control over the MCP service.
OpenCVE Enrichment
Github GHSA