Ghostwire
Home / Vulnerabilities / CVE-2026-41345

CVE-2026-41345: OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards...

MEDIUM CVSS 5.5

Published: April 23, 2026 | Last Modified: April 23, 2026

Description

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials intended for legitimate requests.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

Tenable CVEs
CVE-2026-41345
 CVE Feed
CVE-2026-41345 - OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download

References