OpenClaw: Forwarding Sensitive Headers Across Redirects
GHSA-6mgf-v5j7-45cr
Summary
OpenClaw, a JavaScript library, was forwarding sensitive headers like API keys to other websites after a redirect. This could have allowed unauthorized access to those keys. To fix this, the library now only allows safe headers to be forwarded. Update to version 2026.3.7 or later to ensure sensitive headers are not leaked.
What to do
- Update openclaw to version 2026.3.7.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.7 | 2026.3.7 |
Original title
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
Original description
OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while preserving arbitrary caller-supplied headers except for a narrow denylist (`Authorization`, `Proxy-Authorization`, `Cookie`, `Cookie2`). This allowed custom authorization headers such as `X-Api-Key`, `Private-Token`, and similar sensitive headers to be forwarded to a different origin after a redirect.
The fix switches cross-origin redirect handling from a narrow sensitive-header denylist to a safe-header allowlist, so only benign headers such as content negotiation and cache validators survive an origin change.
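To make the denylist-versus-allowlist distinction concrete, here is an added example (not OpenClaw's code and not the shape of its fetch guard) that applies both policies to the same set of caller-supplied headers when a redirect leaves the original origin. The function names, the contents of `SAFE_HEADERS`, the sample header values and the URLs are all assumptions constructed for illustration; the four denylisted names are the ones the advisory quotes.

```javascript
// Added example, not OpenClaw's implementation. Shows why a narrow
// sensitive-header denylist leaks custom credential headers across a
// cross-origin redirect and why a safe-header allowlist does not.

// The narrow denylist the advisory describes: only these four names are
// dropped, so anything else (X-Api-Key, Private-Token, ...) is forwarded.
const SENSITIVE_DENYLIST = new Set([
  "authorization",
  "proxy-authorization",
  "cookie",
  "cookie2",
]);

// Assumed allowlist of benign headers that may survive an origin change:
// content negotiation and cache validators. Everything else is dropped.
// The real project's list may differ; this one is illustrative.
const SAFE_HEADERS = new Set([
  "accept",
  "accept-encoding",
  "accept-language",
  "user-agent",
  "if-none-match",
  "if-modified-since",
  "cache-control",
]);

// Two URLs share an origin only when scheme, host and port all match.
function isCrossOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin !== new URL(toUrl).origin;
}

// Vulnerable policy: forward every header except the denylisted names.
function headersForRedirectDenylist(headers, fromUrl, toUrl) {
  if (!isCrossOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!SENSITIVE_DENYLIST.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Fixed policy: forward only allowlisted names; unknown headers are
// treated as potentially sensitive by default.
function headersForRedirectAllowlist(headers, fromUrl, toUrl) {
  if (!isCrossOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (SAFE_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Constructed sample request: a caller attaches custom credential headers
// intended only for api.example.com. Values are placeholders, not real keys.
const SAMPLE_HEADERS = {
  Accept: "application/json",
  "X-Api-Key": "placeholder-api-key",
  "Private-Token": "placeholder-private-token",
  Authorization: "Bearer placeholder",
};
const ORIGINAL_URL = "https://api.example.com/v1/resource";
const CROSS_ORIGIN_TARGET = "https://other.example.net/collect";

// Returns the non-allowlisted header names a policy would still send to the
// redirect target; anything listed here is a credential leak candidate.
function leakedHeaderNames(policy, fromUrl = ORIGINAL_URL, toUrl = CROSS_ORIGIN_TARGET) {
  const forwarded = policy(SAMPLE_HEADERS, fromUrl, toUrl);
  return Object.keys(forwarded).filter((n) => !SAFE_HEADERS.has(n.toLowerCase()));
}

console.log("denylist forwards:", leakedHeaderNames(headersForRedirectDenylist));
console.log("allowlist forwards:", leakedHeaderNames(headersForRedirectAllowlist));
```

Under the denylist, `X-Api-Key` and `Private-Token` reach `other.example.net`; under the allowlist only `Accept` does. Same-origin redirects keep the full header set under both policies, which is the behaviour the advisory's fix preserves.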
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.2`
- Patched version: `2026.3.7`
- Latest published npm version at patch time: `2026.3.2`
## Impact
A remote service that could trigger a redirect across origins could receive custom authorization credentials attached by OpenClaw callers. This can expose API keys, bearer-style custom headers, or private token headers intended only for the original destination.
## Fix Commit(s)
- `46715371b0612a6f9114dffd1466941ac476cef5`
## Verification
- `pnpm check` passed
- `pnpm test:fast` passed
- Focused redirect regression tests passed
- `pnpm exec vitest run --config vitest.gateway.config.ts` still has unrelated current-`main` failures in `src/gateway/server-channels.test.ts` and `src/gateway/server-methods/agents-mutate.test.ts`
## Release Process Note
npm `2026.3.7` was published on March 8, 2026. The fix for this advisory is included in that released package.
Thanks @Rickidevs for reporting.
CVSS 3.1 (OSV): 7.5
Vulnerability type
CWE-116
CWE-184
CWE-522
Insufficiently Protected Credentials
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026