10 matches found

Github Security Blog
added 2026/04/01 12:1 a.m. | 10 views

OpenClaw affected by SSRF via unguarded image download in fal provider

Summary: The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact: A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

CVSS 8.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/04/01 12:1 a.m. | 2 views

GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider

Summary: The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact: A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

CVSS 2.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 6

EUVD
added 2026/03/31 3:31 p.m. | 4 views

EUVD-2026-17471

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...

CVSS 8.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/31 3:31 p.m. | 8 views

Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...

CVSS 8.3 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/31 3:31 p.m. | 2 views

GHSA-35CQ-WV6V-88XF Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...

CVSS 6.9 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 4

NVD
added 2026/03/31 3:16 p.m. | 7 views

CVE-2026-34504

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...

CVSS 8.3 | EPSS 0.00227
Exploits: 0 | References: 3

CVE
added 2026/03/31 2:10 p.m. | 15 views

CVE-2026-34504

OpenClaw vulnerable to server-side request forgery via unguarded image-fetches in the fal provider’s image-generation-provider.ts. A malicious or compromised fal relay could have the gateway fetch internal URLs and expose internal service metadata and responses through the image pipeline. Affecte...

CVSS 8.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/31 2:10 p.m. | 3 views

CVE-2026-34504

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...

CVSS 8.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 4

Cvelist
added 2026/03/31 2:10 p.m. | 31 views

CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...

CVSS 8.3 | EPSS 0.00227
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/31 12:0 a.m. | 6 views

PT-2026-29266

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: A server-side request forgery condition exists in the fal provider image-generation-provider.ts component. This allows attackers to retrieve internal URLs. A compromised or malicious fal relay c...

CVSS 8.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 11