CVE-2026-34504
EPSS 0.05%OpenClaw affected by SSRF via unguarded image download in fal provider
發布日:2026/4/1修改日:2026/4/6
描述
## Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. ## Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses through the image pipeline. ## Affected Component `extensions/fal/image-generation-provider.ts` ## Fixed Versions - Affected: `<= 2026.3.24` - Patched: `>= 2026.3.28` - Latest stable `2026.3.28` contains the fix. ## Fix Fixed by commit `80d1e8a11a` (`fal: guard image fetches`). OpenClaw thanks @AntAISecurityLab for reporting.
受影響套件(1)
- npm/openclawfrom 0, < 2026.3.28
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-34504
- PATCHhttps://github.com/openclaw/openclaw
- WEBhttps://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928
- WEBhttps://github.com/openclaw/openclaw/releases/tag/v2026.3.28
- WEBhttps://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3
- WEBhttps://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider