CVSS 3.1 base score (GHSA): 7.5
OpenClaw: Malicious Headers Sent to Wrong Server
GHSA-6mgf-v5j7-45cr
Summary
OpenClaw, a Node.js library, allowed sensitive information such as API keys to be sent to the wrong server when an outbound request was redirected to a different website. This could happen if an attacker could trick a user into following a link to a malicious site. To fix this, the library now allows only certain safe headers to be sent during redirects, preventing sensitive information from being exposed.
What to do
- Update openclaw to version 2026.3.7.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.2 | 2026.3.7 |
Original title
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
Original description
OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while preserving arbitrary caller-supplied headers except for a narrow denylist (`Authorization`, `Proxy-Authorization`, `Cookie`, `Cookie2`). This allowed custom authorization headers such as `X-Api-Key`, `Private-Token`, and similar sensitive headers to be forwarded to a different origin after a redirect.
The fix switches cross-origin redirect handling from a narrow sensitive-header denylist to a safe-header allowlist, so only benign headers such as content negotiation and cache validators survive an origin change.
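To make the denylist-versus-allowlist difference concrete, the following is an added example (not OpenClaw's own fetch-guard code) that applies both policies to the same redirect. The allowlist contents and the header-filtering function are assumptions for illustration; the four denylisted names are the ones the advisory quotes.

```javascript
// Narrow denylist the advisory describes as the pre-fix behaviour.
const SENSITIVE_DENYLIST = new Set(['authorization', 'proxy-authorization', 'cookie', 'cookie2']);

// Assumed allowlist of benign headers: the advisory names content negotiation
// and cache validators as the categories that may survive an origin change.
const SAFE_ALLOWLIST = new Set([
  'accept', 'accept-language', 'accept-encoding', // content negotiation
  'if-none-match', 'if-modified-since',           // cache validators
  'cache-control', 'user-agent',
]);

// Same origin means scheme, host and port all match; anything else is cross-origin.
function isCrossOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin !== new URL(toUrl).origin;
}

// Decide which caller headers follow a redirect. Same-origin redirects keep every
// header. On an origin change, 'denylist' drops only the four sensitive names
// (the vulnerable behaviour) while 'allowlist' keeps only benign names (the fix).
// Header names are compared case-insensitively, as HTTP requires.
function redirectHeaders(headers, fromUrl, toUrl, policy = 'allowlist') {
  const crossOrigin = isCrossOrigin(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (crossOrigin) {
      if (policy === 'denylist' && SENSITIVE_DENYLIST.has(lower)) continue;
      if (policy === 'allowlist' && !SAFE_ALLOWLIST.has(lower)) continue;
    }
    out[lower] = value;
  }
  return out;
}

// Constructed sample: a caller attaches custom credential headers and the first
// server redirects to a different origin.
const callerHeaders = {
  'Accept': 'application/json',
  'If-None-Match': '"etag-123"',
  'X-Api-Key': 'constructed-sample-key',
  'Private-Token': 'constructed-sample-token',
};
const fromUrl = 'https://api.example.test/resource';
const toUrl = 'https://other.example.test/landing';

// Under the denylist the custom credentials leak; under the allowlist they are dropped.
console.log(Object.keys(redirectHeaders(callerHeaders, fromUrl, toUrl, 'denylist')));
console.log(Object.keys(redirectHeaders(callerHeaders, fromUrl, toUrl, 'allowlist')));
```

The same check is useful as a regression test for any HTTP client wrapper: assert that no header outside the allowlist survives an origin change.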
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.2`
- Patched version: `2026.3.7`
- Latest published npm version at patch time: `2026.3.2`
## Impact
A remote service that could trigger a redirect across origins could receive custom authorization credentials attached by OpenClaw callers. This can expose API keys, bearer-style custom headers, or private token headers intended only for the original destination.
## Fix Commit(s)
- `46715371b0612a6f9114dffd1466941ac476cef5`
## Verification
- `pnpm check` passed
- `pnpm test:fast` passed
- Focused redirect regression tests passed
- `pnpm exec vitest run --config vitest.gateway.config.ts` still has unrelated current-`main` failures in `src/gateway/server-channels.test.ts` and `src/gateway/server-methods/agents-mutate.test.ts`
## Release Process Note
npm `2026.3.7` was published on March 8, 2026. The fix described in this advisory is included in the released package.
Thanks @Rickidevs for reporting.
Vulnerability type: CWE-116, CWE-184, CWE-522 (Insufficiently Protected Credentials)
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026