Platform
nodejs
Component
openclaw
Fixed in
2026.3.1
CVE-2026-31989 describes a Server-Side Request Forgery (SSRF) vulnerability in OpenClaw, specifically within its web_search citation redirect resolution. This flaw allows an attacker to influence citation redirect targets, potentially triggering requests to internal network destinations. Versions of OpenClaw prior to 2026.2.26 are affected, and the vulnerability has been patched in version 2026.3.1.
The impact of this SSRF vulnerability lies in the ability of an attacker to initiate requests from the OpenClaw host to internal network resources. By manipulating citation redirect targets, an attacker could potentially access sensitive data residing on internal servers, interact with internal APIs, or even attempt to pivot to other systems within the network. While the description doesn't detail specific data at risk, the potential for internal network scanning and data exfiltration is significant. This vulnerability could be exploited to gain unauthorized access to internal services and data, potentially leading to a broader compromise of the affected environment.
CVE-2026-31989 was publicly disclosed on March 2, 2026. There is no indication of this vulnerability being actively exploited at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available, but the SSRF nature of the vulnerability suggests that exploitation is relatively straightforward once a suitable attack vector is identified.
Organizations utilizing OpenClaw for web search and citation processing are at risk, particularly those with internal services accessible via the network. Environments with less stringent network segmentation or those relying on untrusted citation sources are especially vulnerable. Any deployment of OpenClaw versions prior to 2026.3.1 should be considered at risk.
• nodejs / server:
journalctl -u openclaw | grep -i "citation redirect"
• generic web:
curl -I <openclaw_endpoint> | grep -i "X-Forwarded-For"
• generic web:
grep -r "web_search" /path/to/openclaw/source/code
Disclosure
Exploit Status
EPSS
0.05% (percentile 14%)
CISA SSVC
The primary mitigation for CVE-2026-31989 is to upgrade OpenClaw to version 2026.3.1 or later. This version implements a stricter SSRF policy that blocks redirects to localhost and private/internal network destinations. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting outbound network access from the OpenClaw host to only necessary destinations. Review and validate all citation redirect sources to ensure they are trustworthy. There are no specific WAF rules or detection signatures readily available for this vulnerability, so proactive monitoring of network traffic for unusual outbound requests is recommended.
Update OpenClaw to version 2026.3.1 or later. This fixes the Server-Side Request Forgery (SSRF) vulnerability in web search citation redirect resolution.
CVE-2026-31989 is a Server-Side Request Forgery vulnerability in OpenClaw affecting versions up to 2026.2.26, allowing attackers to trigger internal network requests.
Yes, if you are running OpenClaw versions 2026.2.26 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade OpenClaw to version 2026.3.1 or later to resolve the vulnerability. This version implements a stricter SSRF policy.
There is currently no evidence of CVE-2026-31989 being actively exploited, but the SSRF nature of the vulnerability warrants caution.
Refer to the OpenClaw project's official security advisories for the most up-to-date information and announcements regarding CVE-2026-31989.