CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

Positive Technologies•added 2026/04/09 12:0 a.m.•3 views

PT-2026-31772

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 performs cite expansion before completing channel and direct message DM authorization checks. This allows cite work and content handling to occur before final...

7.3CVSS5.7AI score0.00247EPSS

Exploits0References9

RedhatCVE•added 2026/03/26 3:7 p.m.•2 views

CVE-2026-31989

OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...

7.4CVSS5.8AI score0.00184EPSS

Exploits0References1

EUVD•added 2026/03/24 12:30 a.m.•7 views

EUVD-2026-14582

OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in websearch citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger internal-network requests from the OpenClaw gateway...

6.9CVSS5.8AI score

Exploits0References3

NVD•added 2026/03/23 10:16 p.m.•1 views

CVE-2026-32902

Rejected reason: This CVE ID has been rejected...

Exploits0

Cvelist•added 2026/03/23 9:36 p.m.•23 views

CVE-2026-32902

...

Exploits0

CVE•added 2026/03/23 9:36 p.m.•7 views

CVE-2026-32902

OpenClaw vulnerable before 2026.3.1 due to a server-side request forgery in web_search citation redirect resolution, enabling an attacker to induce the gateway host to make internal-network requests to private destinations. The issue arises from how citation redirects are resolved and can lead to...

5.8AI score

Exploits0

Positive Technologies•added 2026/03/23 12:0 a.m.•3 views

PT-2026-27236

OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in web search citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger internal-network requests from the OpenClaw gateway...

8.3CVSS5.8AI score

Exploits0References5

EUVD•added 2026/03/19 3:30 a.m.•5 views

EUVD-2026-13017

7.4CVSS5.8AI score0.00184EPSS

Exploits0References3

Github Security Blog•added 2026/03/19 3:30 a.m.•7 views

Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirec...

7.4CVSS5.7AI score0.00184EPSS

Exploits0References4Affected Software1

NVD•added 2026/03/19 2:16 a.m.•4 views

CVE-2026-31989

7.4CVSS0.00184EPSS

Exploits0References2

OSV•added 2026/03/19 2:16 a.m.•4 views

CVE-2026-31989

6.3CVSS5.9AI score

Exploits0References2

Cvelist•added 2026/03/19 1:0 a.m.•23 views

CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect

7.4CVSS0.00184EPSS

Exploits0References2

ATTACKERKB•added 2026/03/19 1:0 a.m.•3 views

CVE-2026-31989

7.4CVSS5.8AI score0.00184EPSS

Exploits0References3

CVE•added 2026/03/19 1:0 a.m.•13 views

CVE-2026-31989

CVE-2026-31989 affects OpenClaw versions prior to 2026.3.1, which contain a server-side request forgery (SSRF) vulnerability in the web_search citation redirect resolution. The issue relies on a private-network-allowing policy, enabling an attacker who can influence citation redirect targets to i...

7.4CVSS5.8AI score0.00184EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/19 1:0 a.m.•1 views

CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect

7.4CVSS5.8AI score0.00184EPSS

Exploits0References2

Positive Technologies•added 2026/03/19 12:0 a.m.•3 views

PT-2026-26229

OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host...

7.4CVSS5.8AI score0.00184EPSS

Exploits0References8

Snyk•added 2026/03/02 10:3 p.m.•3 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the websearch citation redirect. An attacker can access internal network resources by supplying a crafted citation redirect target that points to...

9.3CVSS5.8AI score0.00184EPSS

Exploits0References2

Github Security Blog•added 2026/03/02 10:3 p.m.•9 views

OpenClaw has web_search citation redirect SSRF via private-network-allowing policy

Summary Gemini websearch citation redirect resolution used a private-network-allowing SSRF policy. A citation URL redirect could target loopback/private/internal destinations and be fetched by the gateway. Impact An attacker who can influence citation redirect targets could trigger internal-netwo...

7.4CVSS5.9AI score0.00184EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/02 10:3 p.m.•3 views

GHSA-G99V-8HWM-G76G OpenClaw has web_search citation redirect SSRF via private-network-allowing policy

8.7CVSS5.9AI score0.00184EPSS

Exploits0References4

Vulnrichment•added 2026/02/19 7:10 p.m.•6 views

CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

7.3CVSS5.6AI score0.00194EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by