Vulnerability Information
Vulnerability Title
OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints
Vulnerability Description
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized actions on HTTP operator endpoints.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
OpenClaw Cross-Site Request Forgery Vulnerability
Vulnerability Description
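OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw versions before 2026.3.31 contain a cross-site request forgery vulnerability. The vulnerability stems from missing browser-origin validation on HTTP operator endpoints when running in trusted-proxy mode, which allows cross-site request forgery attacks. An attacker can exploit this vulnerability to send malicious requests from a browser in trusted-proxy deployments and perform unauthorized actions on the HTTP operator endpoints.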
CVSS Information
N/A
Vulnerability Type
N/A