CVE-2026-41297 | OpenClaw up to 2026.3.30 Marketplace Plugin server-side request forgery (GHSA-vjx8-8p7h-82gr)

A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.3.30. The affected element is an unknown function of the component Marketplace Plugin. Executing a manipulation can lead to server-side request forgery.

This vulnerability appears as CVE-2026-41297. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More