漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
Vulnerability Description
OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject malicious header content to influence security decisions including authentication rate-limiting and IP-based access controls.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.21之前版本存在数据伪造问题漏洞,该漏洞源于解析X-Forwarded-For标头值不当,可能导致攻击者欺骗客户端IP地址并影响安全决策。
CVSS Information
N/A
Vulnerability Type
N/A