The OpenClaw software has vulnerabilities that allow remote attackers to exploit unguarded fetch() calls and unvalidated redirects in the marketplace plugin download functionality.

Cybersecurity Technology ConflictApr 21, 2026score 0.172 posts · 0 replies across 1 instances

The thread discusses two vulnerabilities in the OpenClaw software, both related to server-side request forgery in the marketplace plugin download functionality, allowing remote attackers to make arbitrary network requests and access internal resources through unvalidated redirects.

Claims

Parent: CybersecurityEntity: OpenClaw softwareImpact: negativeDate: Apr 21, 2026Target: The security of the OpenClaw software

Source posts

@[email protected]

🚨 EUVD-2026-24002

📊 Score: 4.8/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-20

📝 OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24002

#cybersecurity #infosec #euvd #cve #vulnerability

1 boosts · 0 favs · 0 replies · Apr 21, 2026

#cybersecurity#infosec#euvd#cve#vulnerability

@[email protected]

🚨 EUVD-2026-24012

📊 Score: 4.8/10 (CVSS v3.1)
📦 Product: OpenClaw, OpenClaw
🏢 Vendor: OpenClaw
📅 Updated: 2026-04-20

📝 OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to acce...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24012

#cybersecurity #infosec #euvd #cve #vulnerability

1 boosts · 0 favs · 0 replies · Apr 21, 2026

#cybersecurity#infosec#euvd#cve#vulnerability