GHSA-9c3v-684m-579c: OpenClaw MCP SSE redirects could forward Authorization headers
OpenClaw MCP SSE redirects could forward Authorization headers, allowing a lower-trust caller or configured input path to execute or persist actions beyond their intended authorization. This vulnerability affects versions prior to 2026.6.5. The impact depends on the operator's configuration and whether lower-trust input can reach the vulnerable path. The issue is limited to the named feature and does not affect the trusted-operator model of OpenClaw. A fix is available in version 2026.6.5. Until upgrading, it is recommended to restrict the affected feature to trusted operators or disable it if not needed.
AI Analysis
Technical Summary
The vulnerability in OpenClaw MCP SSE redirects involves the forwarding of Authorization headers, which can allow a lower-trust caller or input path to perform actions beyond their intended authorization scope. This issue is specific to the MCP SSE redirect feature and does not alter the overall trusted-operator security model of OpenClaw. The practical impact depends on the operator's configuration and exposure of the affected feature to lower-trust inputs. The vulnerability is patched starting with OpenClaw version 2026.6.5.
Potential Impact
When the affected MCP SSE redirect feature is enabled and accessible, it could allow unauthorized execution or persistence of actions beyond the caller's intended authorization. The actual impact varies based on how the operator configures access and whether untrusted inputs can reach the vulnerable redirect path. There is no indication of known exploits in the wild.
Mitigation Recommendations
A fix is available in OpenClaw version 2026.6.5; upgrading to this or a later version is recommended. Until upgrading, restrict the affected feature to trusted operators or disable it if it is not needed. Additionally, narrow channel and tool allowlists and avoid sharing a Gateway between mutually untrusted users.
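A defensive redirect policy for the behaviour described above, written here as an added example rather than OpenClaw's own code: credential-bearing headers are dropped whenever a 3xx Location leaves the origin the caller authenticated to. The host names, the transport stub and the token value are constructed placeholders.

```javascript
// Added example, not OpenClaw's code: drop credential-bearing headers once a
// 3xx Location leaves the origin the caller authenticated to. All inputs are
// constructed; nothing touches the network.
const CREDENTIAL_HEADERS = new Set(["authorization", "proxy-authorization", "cookie"]);

// Same origin means scheme, host and effective port all match (URL.origin
// folds default ports, so https://h:443 equals https://h).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Resolve a (possibly relative) Location against the request URL and return
// the headers allowed on the follow-up request.
function headersForRedirect(requestUrl, location, headers) {
  const target = new URL(location, requestUrl).toString();
  const crossOrigin = !sameOrigin(requestUrl, target);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // A bearer token or cookie issued for one origin must not be replayed to another.
    if (crossOrigin && CREDENTIAL_HEADERS.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { url: target, headers: out };
}

// Follow a redirect chain through an injected transport so it runs offline.
// transport(url, headers) returns { status, headers }.
function followRedirects(transport, url, headers, maxHops = 5) {
  let current = { url, headers };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = transport(current.url, current.headers);
    if (res.status < 300 || res.status > 399 || !res.headers.location) {
      return { status: res.status, url: current.url, sentHeaders: current.headers };
    }
    current = headersForRedirect(current.url, res.headers.location, current.headers);
  }
  throw new Error("too many redirects");
}

// Constructed transport: the trusted SSE endpoint (placeholder host names)
// answers with a redirect to an unrelated host, which records what arrives.
const received = [];
function fakeTransport(url, headers) {
  received.push({ url, headers });
  if (url === "https://mcp.example.internal/sse") {
    return { status: 307, headers: { location: "https://other.example/sse" } };
  }
  return { status: 200, headers: {} };
}
const result = followRedirects(fakeTransport, "https://mcp.example.internal/sse",
  { Authorization: "Bearer placeholder-token", Accept: "text/event-stream" });
```

After the chain completes, `received[1].headers` holds only the non-credential headers, which is the check to run against any SSE client that follows redirects on an authenticated connection.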
Technical Details
- Gcve Source: db.gcve.eu
- Osv Id: GHSA-9c3v-684m-579c
- Osv Schema Version: 1.4.0
- Aliases: []
- Ecosystems: ["npm"]
- Database Specific Severity: MODERATE
- Cvss Version: 3.1
Threat ID: 6a46ed1627e9c7971944734b
Added to database: 07/02/2026, 22:58:30 UTC
Last enriched: 07/02/2026, 23:35:51 UTC
Last updated: 07/03/2026, 03:37:22 UTC