10 matches found
GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...
GHSA-35CQ-WV6V-88XF Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...
EUVD-2026-17471
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-34504
CVE-2026-34504 affects OpenClaw prior to version 2026.3.28, via the fal provider image-generation-provider.ts, enabling a server-side request forgery (SSRF) to fetch internal URLs. Attackers using a compromised fal relay can trigger unguarded image download fetches to expose internal service meta...
PT-2026-29266
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description A server-side request forgery condition exists in the fal provider image-generation-provider.ts component. This allows attackers to retrieve internal URLs. A compromised or malicious fal relay c...