CVE-2026-34504
Published: 31 March 2026
Summary
CVE-2026-34504 is a high-severity SSRF (CWE-918) vulnerability in OpenClaw. Its CVSS base score is 8.3 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 16.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-4 enforces information flow control policies that directly prevent unauthorized server-side requests to internal URLs exploited in this SSRF vulnerability.
SI-10 validates inputs like URLs in the image-generation-provider.ts fetches, blocking malicious requests to internal services.
SC-7 monitors and controls communications at system boundaries, restricting SSRF exploitation of internal service metadata and responses.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF in a public-facing application directly enables remote exploitation (T1190); unguarded fetches of internal URLs facilitate discovery of internal systems, services and metadata (T1018).
NVD Description
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.
Deeper analysis
CVE-2026-34504 is a server-side request forgery (SSRF) vulnerability (CWE-918) affecting OpenClaw versions prior to 2026.3.28. The issue resides in the fal provider's image-generation-provider.ts component, where unguarded image download fetches enable attackers to make requests to internal URLs. This flaw has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low complexity, lack of required privileges or user interaction, and scope expansion.
A malicious or compromised fal relay can exploit this vulnerability by leveraging the image pipeline to fetch internal service metadata and responses. Attackers require the ability to interact with the fal provider but face no authentication barriers, allowing remote exploitation over the network to indirectly access and exfiltrate sensitive internal resources.
The vulnerability is fixed in OpenClaw version 2026.3.28 and later; the specific patch is GitHub commit 80d1e8a11a2ac118c7f7a70bba9c862b6141d928. Security practitioners should consult the official GitHub security advisory (GHSA-qxgf-hmcj-3xw3) and the VulnCheck advisory for detailed remediation steps and verification guidance.
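The SI-10 and AC-4 controls above amount to one concrete check: an image-generation provider must not blindly fetch whatever download URL an external relay hands back. The following is an added example, not OpenClaw's code or its patch, of such a guard. It assumes the caller resolves the hostname once and connects to that same address (so the guard can reject internal or metadata addresses and a later DNS answer cannot swap them in); the allowlisted host, `isSafeImageTarget` and `isPrivateIPv4` are hypothetical names.

```typescript
// Added example: guard for image download URLs returned by an external relay.
// Constructed allowlist of hosts the pipeline is permitted to download from.
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example-relay.invalid"]);

// Parse a dotted-quad IPv4 literal; null if the string is not plain IPv4.
function parseIPv4(host: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Loopback, "this network", RFC 1918, CGNAT, link-local (covers the
// 169.254.169.254 cloud metadata endpoint), multicast and reserved ranges.
function isPrivateIPv4(octets: number[]): boolean {
  const [a, b] = octets;
  return a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    a >= 224;
}

// raw: the URL the relay returned; resolvedIPv4: the address the caller
// resolved for its hostname and will pin the connection to.
function isSafeImageTarget(raw: string, resolvedIPv4: string): boolean {
  let u: URL;
  try { u = new URL(raw); } catch { return false; }
  if (u.protocol !== "https:") return false;     // no http:, file:, gopher:, ...
  if (u.username || u.password) return false;    // credentials in URL are never expected
  const host = u.hostname.toLowerCase();
  if (host.startsWith("[")) return false;        // IPv6 literals are rejected outright
  if (parseIPv4(host) !== null) return false;    // raw IPv4 literals likewise
  if (!ALLOWED_IMAGE_HOSTS.has(host)) return false;
  const addr = parseIPv4(resolvedIPv4);
  return addr !== null && !isPrivateIPv4(addr);  // resolved address must be public
}
```

Even with the allowlist, the resolved-address check matters: a compromised relay may control DNS for its own allowlisted name and point it at an internal address.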
Details
- CWE(s)