Executive Summary

CVE-2026-31989 is a Server-Side Request Forgery (SSRF) vulnerability found in OpenClaw versions prior to 2026.3.1. It occurs in the web_search citation redirect resolution feature, which used a policy allowing requests to private networks. This means an attacker who can control citation redirect targets can trick the OpenClaw server into making unauthorized requests to internal network addresses such as loopback, private, or other internal destinations.

The vulnerability arises because the server does not properly verify that the destination of the redirected request is legitimate or expected, enabling potential access to sensitive internal resources.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker to induce the OpenClaw host to make unauthorized requests to internal network resources. Such requests could expose sensitive internal services or data that are normally protected from external access.

Because the attacker can influence citation redirect targets, they can potentially access or interact with internal systems that should not be reachable from outside, leading to information disclosure or further exploitation within the internal network.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves Server-Side Request Forgery (SSRF) in OpenClaw versions prior to 2026.3.1, specifically in the web_search citation redirect feature that allows requests to internal network destinations.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your network or system, you can monitor for unusual outbound HTTP requests originating from the OpenClaw host to internal IP ranges such as loopback (127.0.0.1), private IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or other internal network addresses.'}, {'type': 'paragraph', 'content': 'Suggested commands include using network monitoring tools or packet capture utilities to filter such traffic. For example:'}, {'type': 'list_item', 'content': "Using tcpdump to capture HTTP requests to private IP ranges: tcpdump -i <interface> 'dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16 or dst host 127.0.0.1 and port 80'"}, {'type': 'list_item', 'content': 'Using netstat or ss to check for established connections from the OpenClaw process to internal IPs.'}, {'type': 'list_item', 'content': 'Reviewing OpenClaw logs for citation redirect requests that contain suspicious or attacker-controlled URLs targeting internal network addresses.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to upgrade OpenClaw to version 2026.3.1 or later, where the SSRF vulnerability has been fixed by enforcing a strict SSRF policy that disallows redirects to localhost, private, or internal network destinations.'}, {'type': 'paragraph', 'content': "Until the upgrade can be applied, consider restricting the OpenClaw server's network access to prevent it from making requests to internal or private IP ranges."}, {'type': 'paragraph', 'content': 'Additionally, monitor and audit citation redirect targets to ensure they are not attacker-controlled or pointing to internal network addresses.'}] [1, 2]

Useful 0 Not Useful 0