OpenClaw: Malicious Fal Relay Can Fetch Internal URLs
GHSA-qxgf-hmcj-3xw3
Summary
A vulnerability in OpenClaw's Fal provider could allow a malicious or compromised relay to access internal URLs and expose sensitive information. This affects users who are running versions of OpenClaw up to 2026.3.24. To fix this issue, update to version 2026.3.28 or later.
What to do
- Update GitHub Actions openclaw to version 2026.3.28.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| GitHub Actions | openclaw | <= 2026.3.28 | 2026.3.28 |
Original title
OpenClaw affected by SSRF via unguarded image download in fal provider
Original description
## Summary
The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path.
## Impact
A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses through the image pipeline.
## Affected Component
`extensions/fal/image-generation-provider.ts`
## Fixed Versions
- Affected: `<= 2026.3.24`
- Patched: `>= 2026.3.28`
- Latest stable `2026.3.28` contains the fix.
## Fix
Fixed by commit `80d1e8a11a` (`fal: guard image fetches`).
OSV CVSS 4.0 score: 7.3
Vulnerability type: CWE-918 Server-Side Request Forgery (SSRF)
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026