GHSA-6mgf-v5j7-45cr.yaml
info:
  name: OpenClaw
  cve: GHSA-6mgf-v5j7-45cr
  summary: OpenClaw fetch-guard forwards custom authorization headers across cross-origin redirects
  details: >-
    Vulnerability overview

    OpenClaw SSRF vulnerability. OpenClaw fetch-guard forwards custom authorization headers across cross-origin redirects.

    Affected versions

    - Package: openclaw (npm)
    - Affected: <= 2026.3.2
    - Fixed in: 2026.3.7

    Security impact

    A remote service that could trigger a redirect across origins could receive custom authorization credentials attached by OpenClaw callers. This can expose API keys, bearer-style custom headers, or private token headers intended only for the original destination.

    (For the original technical details, see the English-language rule file.)
  cvss: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
  severity: 高危
  security_advise: 'It is recommended to upgrade OpenClaw to >= 2026.3.7 or a later version. Fix commit - 46715371b0612a6f9114dffd1466941ac476cef5'
  references:
    - https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr
rule: 'version <= "2026.3.2"'
references:
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr