CVE-2026-32037

Severity: Low
EPSS: 6.9%
CVSS 4.0 base score: 2.3 (Low)
Published: Mar 19, 2026
Last Modified: Jun 17, 2026

Description

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls.
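The failure mode described above is an allowlist that is checked against the URL a client starts from but not against the Location each redirect sends it to. The following added example is not OpenClaw code: it uses a constructed allowlist standing in for a mediaAllowHosts setting, a constructed in-memory redirect map in place of real HTTP, and hypothetical function names. It contrasts the inconsistent pattern (check once, then follow redirects blindly) with a resolver that re-validates every hop and bounds the chain length.

```python
from urllib.parse import urljoin, urlsplit

# Constructed allowlist standing in for a mediaAllowHosts setting (hypothetical
# values; exact, case-insensitive host matching is an assumption of this example).
MEDIA_ALLOW_HOSTS = {"teams.microsoft.com", "graph.microsoft.com"}
MAX_HOPS = 5

# Constructed redirect map used instead of real HTTP: URL -> Location header of a
# 302 response, or None when the URL serves the media directly.
REDIRECTS = {
    "https://teams.microsoft.com/api/attachment/1": "https://graph.microsoft.com/v1/media/1",
    "https://graph.microsoft.com/v1/media/1": None,
    # Attacker-influenced attachment: the first hop is allowlisted, the second is not.
    "https://teams.microsoft.com/api/attachment/2": "https://not-allowlisted.example/private",
    "https://not-allowlisted.example/private": None,
    # A redirect loop, to show the hop bound.
    "https://teams.microsoft.com/api/attachment/3": "https://teams.microsoft.com/api/attachment/3",
}


def fake_fetch(url):
    """Stand-in for an HTTP client with automatic redirects disabled: returns the
    Location header of the response, or None if the response is the final media."""
    if url not in REDIRECTS:
        raise ValueError(f"unknown URL in constructed map: {url}")
    return REDIRECTS[url]


def host_allowed(url, allow_hosts=MEDIA_ALLOW_HOSTS):
    """True only for https URLs whose hostname is exactly in the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname is None:
        return False
    return parts.hostname.lower() in allow_hosts


def download_weak(url, fetch=fake_fetch):
    """The inconsistent pattern: the allowlist is applied to the initial URL only
    and redirects are then followed without re-checking. Returns the URL the
    media is actually read from."""
    if not host_allowed(url):
        raise ValueError(f"host not allowed: {url}")
    hops = 0
    while True:
        location = fetch(url)
        if location is None:
            return url
        url = urljoin(url, location)  # followed blindly: no allowlist check here
        hops += 1
        if hops > MAX_HOPS:
            raise ValueError("too many redirects")


def download_hardened(url, fetch=fake_fetch, max_hops=MAX_HOPS):
    """Redirects are followed manually; every hop, including the final one, must
    pass the allowlist, and the chain length is bounded."""
    for _ in range(max_hops + 1):
        if not host_allowed(url):
            raise ValueError(f"redirect target not allowed: {url}")
        location = fetch(url)
        if location is None:
            return url
        url = urljoin(url, location)  # relative Location headers resolved before the check
    raise ValueError("too many redirects")


if __name__ == "__main__":
    print(download_weak("https://teams.microsoft.com/api/attachment/2"))
    try:
        download_hardened("https://teams.microsoft.com/api/attachment/2")
    except ValueError as exc:
        print("blocked:", exc)
```

The hardened resolver only works when the HTTP client is configured not to follow redirects on its own; otherwise the per-hop check never sees the intermediate responses. Detection-wise, logging the full hop list for every media download makes a chain that leaves the allowlist visible in normal operation rather than only after the fact.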

CVSS Details

Base Score: 2.3
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Threat Intelligence

EPSS exploit probability: 6.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses (1)

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products (1)

Vendor    Product    Version    Range
openclaw  openclaw   *          <2026.2.22

References (4)

  • github.com https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124
    Patch