OpenClaw CSRF Vulnerability: High-Severity Risk in Trusted-Proxy Deployments

The National Vulnerability Database has disclosed CVE-2026-41347, a high-severity (CVSS 7.1) Cross-Site Request Forgery (CSRF) vulnerability affecting OpenClaw before version 2026.3.31. This flaw stems from a lack of browser-origin validation in the HTTP operator endpoints when OpenClaw is configured in trusted-proxy mode.

Attackers can exploit this by inducing a victim's browser to send forged requests to the HTTP operator endpoints, which accept them because the request origin is never checked, enabling unauthorized actions within trusted-proxy deployments. The critical aspect is the trusted-proxy configuration itself: it often implies a more permissive network posture, which makes the missing origin validation particularly dangerous.

For defenders, this means any OpenClaw instance running in a trusted-proxy setup is a prime target. The attacker's calculus is straightforward: leverage a common web vulnerability (CWE-352) against a potentially high-privilege endpoint, bypassing the network controls that would otherwise block direct access. Patching is non-negotiable, and CISOs need to ensure their security architecture accounts for proper origin validation even behind trusted proxies.

What This Means For You

  • If your organization uses OpenClaw in a trusted-proxy configuration, you are exposed to unauthorized actions via CSRF. Immediately verify your OpenClaw version and patch to 2026.3.31 or later. Review your trusted-proxy configurations and ensure all internal applications enforce strict origin validation, even when operating behind a proxy.
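The mitigation the advisory calls for, browser-origin validation that still holds behind a trusted proxy, as an added example in Python (not OpenClaw's own code; the proxy range, header names and host values are constructed assumptions). The point it makes is that forwarded headers may only be trusted when the TCP peer is a known proxy, otherwise the expected origin itself becomes attacker-controlled.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed assumptions: the reverse proxies live in 10.0.0.0/8. The real
# OpenClaw endpoint names and proxy layout are not given on the page.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def external_origin(peer_ip, headers):
    """Scheme and host the browser actually used for this request.

    X-Forwarded-Host / X-Forwarded-Proto are honoured only when the TCP peer is
    a trusted proxy; a direct client could otherwise spoof them and pick the
    'expected' origin that its own forged Origin header then matches."""
    h = {k.lower(): v for k, v in headers.items()}
    if any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        host = h.get("x-forwarded-host", h.get("host", ""))
        scheme = h.get("x-forwarded-proto", "http")
    else:
        host, scheme = h.get("host", ""), "http"
    return f"{scheme}://{host}".lower()


def check_browser_origin(method, peer_ip, headers):
    """Return (allowed, reason) for a request to an operator endpoint."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    expected = external_origin(peer_ip, headers)
    origin = h.get("origin")
    if origin is None and h.get("referer"):
        # Fall back to the Referer's scheme+host when Origin is absent
        p = urlsplit(h["referer"])
        origin = f"{p.scheme}://{p.netloc}"
    if origin is None:
        # Browsers send Sec-Fetch-Site; without any of these headers, fail closed
        site = h.get("sec-fetch-site", "")
        return site in ("same-origin", "none"), "no Origin/Referer; Sec-Fetch-Site decides"
    if origin.lower() == expected:
        return True, "origin matches"
    # Covers cross-site origins and the literal "null" origin
    return False, f"origin {origin} does not match expected {expected}"
```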

Related ATT&CK Techniques

  • T1190 Exploit Public-Facing Application (Initial Access) — severity: high

Detection Rules

  • OpenClaw CSRF to Unauthorized Action - CVE-2026-41347 (Sigma)

Indicators of Compromise

  ID              Type  Indicator
  CVE-2026-41347  CSRF  OpenClaw
  CVE-2026-41347  CSRF  OpenClaw versions prior to 2026.3.31
  CVE-2026-41347  CSRF  Lack of browser-origin validation in HTTP operator endpoints
  CVE-2026-41347  CSRF  Operating in trusted-proxy mode

Source & Attribution

  Source Platform: NVD
  Channel: National Vulnerability Database
  Published: April 24, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
