CVE-2026-41302 | OpenClaw up to 2026.3.30 Marketplace Plugin fetch server-side request forgery (GHSA-9q7v-8mr7-g23p)

Inserito da Angelo Barbosa | Apr 21, 2026 | CVE

A vulnerability has been found in OpenClaw up to 2026.3.30 and classified as critical. This issue affects the function fetch of the component Marketplace Plugin. This manipulation causes server-side request forgery.

This vulnerability is tracked as CVE-2026-41302. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-41302 | OpenClaw up to 2026.3.30 Marketplace Plugin fetch server-side request forgery (GHSA-9q7v-8mr7-g23p)

Post correlati

CVE-2024-27974 | Fujifilm DocuPrint P450 d Internet Services cross-site request forgery

CVE-2023-52496 | Linux Kernel up to 6.6.14/6.7.2 vmu-flash information disclosure (38c12f10990a/1168d6b79d2f/a7d84a2e7663)

CVE-2024-43787 | honojs hono up to 4.5.7 cross-site request forgery

CVE-2024-37428 | Themesgrove WidgetKit Plugin up to 2.5.0 on WordPress cross site scripting