Platform: nodejs
Component: openclaw
Fixed in: 2026.3.1
CVE-2026-31989 describes a Server-Side Request Forgery (SSRF) vulnerability in OpenClaw, specifically within its web_search citation redirect resolution. This flaw allows an attacker to influence citation redirect targets, potentially triggering requests to internal network destinations. Versions of OpenClaw prior to 2026.2.26 are affected, and the vulnerability has been patched in version 2026.3.1.
The impact of this SSRF vulnerability lies in the ability of an attacker to initiate requests from the OpenClaw host to internal network resources. By manipulating citation redirect targets, an attacker could potentially access sensitive data residing on internal servers, interact with internal APIs, or even attempt to pivot to other systems within the network. While the description doesn't detail specific data at risk, the potential for internal network scanning and data exfiltration is significant. This vulnerability could be exploited to gain unauthorized access to internal services and data, potentially leading to a broader compromise of the affected environment.
CVE-2026-31989 was publicly disclosed on March 2, 2026. There is no indication of this vulnerability being actively exploited at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available, but the SSRF nature of the vulnerability suggests that exploitation is relatively straightforward once a suitable attack vector is identified.
Exploit Status
EPSS: 0.05% (14th percentile)
CISA SSVC
The primary mitigation for CVE-2026-31989 is to upgrade OpenClaw to version 2026.3.1 or later. This version implements a stricter SSRF policy that blocks redirects to localhost and private/internal network destinations. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting outbound network access from the OpenClaw host to only necessary destinations. Review and validate all citation redirect sources to ensure they are trustworthy. There are no specific WAF rules or detection signatures readily available for this vulnerability, so proactive monitoring of network traffic for unusual outbound requests is recommended.
Update OpenClaw to version 2026.3.1 or higher. This corrects the Server-Side Request Forgery (SSRF) vulnerability in web search citation redirect resolution.
CVE-2026-31989 is a Server-Side Request Forgery vulnerability in OpenClaw affecting versions up to 2026.2.26, allowing attackers to trigger internal network requests.
Yes, if you are running OpenClaw versions 2026.2.26 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade OpenClaw to version 2026.3.1 or later to resolve the vulnerability. This version implements a stricter SSRF policy.
There is currently no evidence of CVE-2026-31989 being actively exploited, but the SSRF nature of the vulnerability warrants caution.
Refer to the OpenClaw project's official security advisories for the most up-to-date information and announcements regarding CVE-2026-31989.