7 matches found
GHSA-PG8G-F2HF-X82M Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...
EUVD-2026-20781
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...
CVE-2026-40037
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
CVE-2026-40037
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
CVE-2026-40037 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
PT-2026-31472
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...