CVE-2026-40037
Request Body Replay Vulnerability in OpenClaw fetchWithSsrFGuard
Publication date: 2026-04-08
Last updated on: 2026-04-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.4.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in OpenClaw allows unsafe request bodies to be resent across cross-origin redirects, which can lead to the exfiltration of sensitive request data or headers to unintended origins.
This behavior could potentially impact compliance with data protection regulations such as GDPR or HIPAA, as it risks unauthorized disclosure of sensitive personal or health information.
However, specific details on compliance impact or mitigation measures are not provided in the available information.
How can this vulnerability impact me? :
The vulnerability can lead to the exposure of sensitive request data or headers to unauthorized third parties through cross-origin redirects. This can result in data leakage, potentially compromising user privacy or security by allowing attackers to exfiltrate confidential information.
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions before 2026.3.31 and involves a flaw in the fetchWithSsrFGuard function. It allows unsafe request bodies to be resent during cross-origin redirects. Attackers can exploit this behavior by triggering redirects that cause sensitive request data or headers to be sent to unintended external origins.