Medium severity 5.3 · NVD Advisory · Published Apr 23, 2026 · Updated Apr 28, 2026
CVE-2026-41345
Description
OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials intended for legitimate requests.
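A defensive pattern for the flaw described above, as an added example that is not OpenClaw's code or its patch: redirects are followed by hand and credential headers are dropped as soon as a hop leaves the original origin. The function names, the header list, and the redirect limit are assumptions made for illustration.

```javascript
// Added example, not OpenClaw code. All names below are hypothetical.
const CREDENTIAL_HEADERS = ["authorization", "proxy-authorization", "cookie"];
const REDIRECT_STATUSES = [301, 302, 303, 307, 308];
const MAX_REDIRECTS = 5;

// Build the request for the next hop. Credential headers survive only when the
// redirect target has the same origin (scheme + host + port) as the current URL.
function headersForNextHop(currentUrl, location, headers) {
  const next = new URL(location, currentUrl); // resolves relative Location values
  if (next.protocol !== "https:" && next.protocol !== "http:") {
    throw new Error(`refusing redirect to ${next.protocol} URL`);
  }
  const sameOrigin = next.origin === new URL(currentUrl).origin;
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (sameOrigin || !CREDENTIAL_HEADERS.includes(name.toLowerCase())) {
      kept[name] = value;
    }
  }
  return { url: next.href, headers: kept };
}

// GET-only download that follows redirects manually so every hop passes through
// headersForNextHop. A stripped header is never restored, even if a later hop
// returns to the original origin. fetchImpl is injectable for offline testing.
async function downloadMedia(url, headers, fetchImpl = globalThis.fetch) {
  let request = { url, headers };
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const res = await fetchImpl(request.url, {
      headers: request.headers,
      redirect: "manual", // do not let the HTTP client follow redirects itself
    });
    const location = res.headers.get("location");
    if (!REDIRECT_STATUSES.includes(res.status) || !location) return res;
    request = headersForNextHop(request.url, location, request.headers);
  }
  throw new Error("too many redirects");
}
```

A scheme change on the same host (for example `https:` to `http:`) counts as a different origin here, so the credential is dropped on a downgrade as well.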
References
- github.com/openclaw/openclaw/commit/e704323ff388ed21f6963f9b8e0b1b8dfaaabc5f (NVD: Patch)
- github.com/openclaw/openclaw/security/advisories/GHSA-68v4-hmwv-f43h (NVD: Vendor Advisory)
- www.vulncheck.com/advisories/openclaw-authorization-header-leak-via-cross-origin-redirect-in-media-download (NVD: Third Party Advisory)