CVE-2026-41302 - OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
CVE ID :CVE-2026-41302 Published : April 20, 2026, 11:08 p.m. | 1 hour, 14 minutes ago Description :OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. A
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] The 2026 HIPAA Compliance Checklist for Developers and IT Teams
- [CYBER] What Is a HIPAA Security Risk Analysis? A Developer's Breakdown of the Most Important Compliance Requirement
- [CYBER] I Made a Demo
- [CYBER] Kelp DAO shifts blame to LayerZero for $292 million exploit; Aave examines bad debt scenarios
- [CYBER] The Brutal Truth About My 31 Dev.to Posts: What 1,847 Hours Taught Me About Self-Promotion
- [CYBER] The Router Is Not a Passive Device - It's the Attack Surface