CVE-2026-41302 | OpenClaw up to 2026.3.30 Marketplace Plugin fetch server-side request forgery (GHSA-9q7v-8mr7-g23p)

A vulnerability has been found in OpenClaw up to 2026.3.30 and classified as critical. This issue affects the function fetch of the component Marketplace Plugin. This manipulation causes server-side request forgery.

This vulnerability is tracked as CVE-2026-41302. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More