PT-2026-25409 · Npm · Openclaw
Publicado
2026-03-03
·
Atualizado
2026-03-03
CVSS v3.1
5.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Summary
OpenClaw accepted
camera.snap / camera.clip node payload url fields and downloaded them on the gateway/agent host without binding downloads to the resolved node host.In OpenClaw's documented trust model, paired nodes are in the same operator trust boundary, so this is scoped as medium-severity hardening. A malicious or compromised paired node could still steer gateway-host fetches during camera URL retrieval.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
>= 2026.2.13 <= 2026.3.1 - Latest vulnerable published version at time of update:
2026.3.1 - Patched versions:
>= 2026.3.2(released)
Technical Details
Vulnerable flows accepted URL payloads and downloaded directly from the provided URL:
src/cli/nodes-camera.ts(writeUrlToFile) fetched URL payloads without node-host binding.src/cli/nodes-cli/register.camera.tspassedcamera.snap/camera.clippayload URLs into that downloader.src/agents/tools/nodes-tool.tsdid the same forcamera snap/camera cliptool actions.
Impact
A malicious/compromised paired node could cause gateway-host URL fetches to off-node destinations reachable from the host network. This could be used for internal network probing/fetch pivots in deployments where paired nodes are not fully trusted.
Remediation
The fix introduces fail-closed node-host binding and guarded fetch for camera URL payload downloads:
- Require resolved node host metadata for URL payload downloads.
- Enforce hostname match between payload URL and resolved node host.
- Use SSRF-guarded fetch with redirect host/protocol checks.
- Apply the same enforcement across CLI and agent tool camera paths.
Fix Commit(s)
3bf19d6f40a0aaa55818b96eede3d05130c02533
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw