Security Advisory

CVE-2026-32913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 21:36:15
Last updated 2026-06-23 16:15:15
Assigner VulnCheck
State PUBLISHED

Description

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intended for the original destination.
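
A defensive pattern for the behaviour described above, as an added example that is not OpenClaw's code and does not reproduce fetchWithSsrFGuard: redirects are followed manually and credential-bearing headers are dropped whenever a hop changes origin. The function names, the example hostnames and the header list beyond X-Api-Key and Private-Token are assumptions; the block covers header handling only, not SSRF destination checks.

```javascript
// Added example, not OpenClaw code. All function names are hypothetical.
// X-Api-Key and Private-Token come from the advisory; the other entries
// are an assumed list of credential-bearing headers.
const SENSITIVE = new Set([
  "authorization", "proxy-authorization", "cookie", "x-api-key", "private-token",
]);

// Scheme, host and port must all match for two URLs to share an origin.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Headers that may be sent on the next hop of a redirect chain.
function headersForHop(prevUrl, nextUrl, headers) {
  if (sameOrigin(prevUrl, nextUrl)) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !SENSITIVE.has(name.toLowerCase()))
  );
}

// Follow redirects by hand so every hop is re-evaluated. Once a credential
// is dropped it stays dropped, even if a later hop returns to the first origin.
async function fetchFollowingRedirects(url, headers, fetchImpl = fetch, maxHops = 5) {
  let current = url;
  let hdrs = { ...headers };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(current, { headers: hdrs, redirect: "manual" });
    const location = res.headers.get("location");
    if (res.status < 300 || res.status >= 400 || !location) return res;
    const next = new URL(location, current).href; // resolve relative Location
    hdrs = headersForHop(current, next, hdrs);
    current = next;
  }
  throw new Error("too many redirects");
}

// Constructed stub transport: api.example redirects to another origin.
function makeStubFetch(log) {
  const routes = {
    "https://api.example/v1/data": { status: 302, location: "https://cdn.example/blob" },
    "https://cdn.example/blob": { status: 200, location: null },
  };
  return async (url, init) => {
    log.push({ url, headers: init.headers });
    const route = routes[url];
    const get = (name) => (name.toLowerCase() === "location" ? route.location : null);
    return { status: route.status, headers: { get } };
  };
}
```

Passing the stub from `makeStubFetch` as `fetchImpl` lets the header handling be checked offline; the recorded log shows which headers each hop received.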