CVE-2026-31989
Published: 19 March 2026
Summary
CVE-2026-31989 is a high-severity SSRF (CWE-918) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates and sanitizes citation redirect targets to block requests to loopback, private, or internal network destinations, directly preventing SSRF exploitation.
Enforces flow control policies prohibiting the web_search component from initiating requests to unauthorized internal or private networks.
Monitors and controls outbound communications at system boundaries to filter and block SSRF-induced requests to internal destinations from the OpenClaw host.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing web app (web_search redirect handler) directly enables exploitation of the application to reach internal resources.
NVD Description
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback,…
more
private, or internal destinations.
Deeper analysisAI
CVE-2026-31989 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting OpenClaw versions prior to 2026.3.1. The issue resides in the web_search citation redirect resolution component, which implements a policy permitting requests to private networks. This flaw enables attackers to manipulate redirect targets, causing the OpenClaw host to issue requests to unintended internal destinations. The vulnerability received a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) and was published on 2026-03-19.
An attacker with low privileges (PR:L) who can influence citation redirect targets in the web_search functionality can exploit this over the network (AV:N) with low complexity and no user interaction required. Successful exploitation changes the scope (S:C), allowing limited impact on confidentiality, integrity, and availability (C:L/I:L/A:L). Specifically, the attacker can trigger requests from the OpenClaw host to loopback, private, or other internal network destinations.
Advisories from OpenClaw's GitHub security page (GHSA-g99v-8hwm-g76g) and VulnCheck detail the issue and recommend upgrading to OpenClaw version 2026.3.1 or later, where the SSRF policy has been hardened to restrict private-network requests. Security practitioners should review these references for full patch details and workarounds.
Details
- CWE(s)