CVE-2026-32913 - Vulnerability Analysis
CriticalCVSS: 9.3Last Updated: March 23, 2026
OpenClaw - Information Disclosure
Overview
OpenClaw < 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects, letting attackers intercept sensitive headers like X-Api-Key and Private-Token, exploit requires triggering cross-origin redirects.
Severity & Score
Impact
Attackers can intercept sensitive authorization headers, leading to information disclosure and potential account compromise.
Mitigation
Update to version 2026.3.7 or later.
References
Social Media Activity(2 posts)
š“ CVE-2026-32913 - Critical (9.3) OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensiti... š https://www.thehackerwire.com/vulnerability/CVE-2026-32913/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-32913 - Critical (9.3) OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensiti... š https://www.thehackerwire.com/vulnerability/CVE-2026-32913/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32913
- Severity
- Critical
- CVSS Score
- 9.3
- Type
- misconfiguration
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-522
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N