CVE-2026-31989

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1

Description The software contains a server-side request forgery issue in the web search citation redirect resolution. This is due to the use of a private-network-allowing SSRF policy. An attacker who can control citation redirect targets may be able to trigger requests to internal network destinations from the OpenClaw host. The web search function is involved in this issue.

Recommendations Update to version 2026.3.1 or later. Citation redirect resolution now uses a strict SSRF policy, blocking localhost, private, and internal redirect targets.