CVE-2026-32037

Published: Mar 19, 2026Modified: Mar 23, 2026

2.3

Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls.

Affected (1)

Products: Openclaw: Openclaw

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openclaw Openclaw	Before 2026.2.22

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c

Source: disclosure@vulncheck.com

Patch

https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124

Source: disclosure@vulncheck.com

Patch

https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh

Source: disclosure@vulncheck.com

Vendor Advisory

https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling

Source: disclosure@vulncheck.com

Third Party Advisory

Timeline

No history available yet.