Critical CVE-2026-32913: OpenClaw Authorization Headers Leaked Across Cross-Origin Redirects

Source: TheHackerWire
Tags: security, CVE, cross-origin, authentication, CVSS-9.3, vulnerability, enterprise-security

What Happened

A critical-severity vulnerability in OpenClaw's HTTP request handling was published on March 23, 2026. CVE-2026-32913, rated CVSS 9.3, exposes a flaw in the platform's fetchWithSsrFGuard function — a core helper responsible for guarding server-side requests. When that function encounters a cross-origin redirect, it fails to strip sensitive custom authorization headers such as X-Api-Key and Private-Token, forwarding them intact to the redirect destination. An attacker who can trigger a redirect to a server they control can intercept those credentials without any authentication.

The vulnerability affects all OpenClaw releases before version 2026.3.7. Exploitation requires only network access to a vulnerable instance and the ability to craft a redirect — a low bar that elevates the practical risk considerably beyond the already-high CVSS score.
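The fix the advisory describes amounts to one rule: when a redirect leaves the original origin, credential-bearing headers must not follow it. The snippet below is an added illustration written for this article, not OpenClaw's own code; the function names (`isCrossOrigin`, `headersForRedirect`, `fetchWithRedirectGuard`) and the sensitive-header list are assumptions, seeded with the two headers the advisory names.

```javascript
// Added example (not OpenClaw's code): header handling for redirect hops.
// Names and the sensitive-header list are assumptions for illustration only.

// Header names are compared case-insensitively. The list covers the headers
// named in the advisory (X-Api-Key, Private-Token) plus standard credential carriers.
const DEFAULT_SENSITIVE_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie",
  "x-api-key", "private-token",
]);

// Same origin means identical scheme, host and port. URL.origin normalises default
// ports, so https://a.example:443 and https://a.example compare equal, while an
// https -> http downgrade on the same host is (correctly) treated as cross-origin.
function isCrossOrigin(fromUrl, location) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // relative Location values resolve against the request URL
  return from.origin !== to.origin;
}

// Returns the headers that may be sent to the redirect target. Sensitive headers
// are dropped whenever the target origin differs; everything else is forwarded.
// The vulnerable behaviour the advisory describes is equivalent to always returning
// a copy of `headers` unchanged.
function headersForRedirect(fromUrl, location, headers, sensitive = DEFAULT_SENSITIVE_HEADERS) {
  if (!isCrossOrigin(fromUrl, location)) return { ...headers };
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sensitive.has(name.toLowerCase())) kept[name] = value;
  }
  return kept;
}

// Redirect-following wrapper around the global fetch (Node 18+). Redirects are
// handled manually so the header set can be rewritten at every hop.
async function fetchWithRedirectGuard(url, init = {}, maxRedirects = 5) {
  let current = url;
  let headers = { ...(init.headers || {}) };
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = await fetch(current, { ...init, headers, redirect: "manual" });
    const location = res.headers.get("location");
    if (res.status < 300 || res.status >= 400 || !location) return res;
    headers = headersForRedirect(current, location, headers);
    current = new URL(location, current).toString();
  }
  throw new Error("too many redirects");
}
```

Auditing custom skills against this rule is straightforward: any code path that re-sends request headers after a 3xx without passing them through a check like `headersForRedirect` has the same exposure.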

Why It Matters

This is the third CVSS 9+ OpenClaw vulnerability disclosed within a month, following CVE-2026-32048 (sandbox inheritance bypass, CVSS 7.5) in the previous week. The pattern underscores a systemic challenge: OpenClaw was designed to be maximally capable and open, and that architecture creates attack surface at nearly every layer — credential handling, sandbox enforcement, and network request routing alike.

For enterprise deployments, the credential leak vector is especially dangerous. Skills and workflows frequently pass API tokens in custom headers to integrate with internal services. A single misconfigured redirect in any upstream dependency could funnel those tokens to an attacker. Organizations running versions prior to 2026.3.7 in production should treat this as a priority patch, particularly if their OpenClaw agents interact with internal APIs, CRMs, or payment platforms.

The timing is also notable: the v2026.3.22 release (shipped the same day) adds significant new capability, and organizations eager to update for new features should ensure they land on 2026.3.7 or later to close this credential exposure simultaneously.

What's Next

The fix is available in OpenClaw 2026.3.7 and all subsequent releases. Administrators should audit any custom skill or integration code that passes non-standard authorization headers, and verify that redirect handling in upstream dependencies does not route to untrusted origins. The OpenClaw security team has not yet published a detailed post-mortem, but pressure from the enterprise community — especially post-GTC, where Jensen Huang framed NemoClaw as OpenClaw's enterprise-grade security layer — is likely to accelerate that disclosure.
