OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
- Where: Global (internet)
- Category: cyber_advisory · npm
### Summary

OpenClaw supports remote MCP Streamable HTTP servers with operator-configured custom headers. In affected releases, those headers could be forwarded when the MCP endpoint responded with a cross-origin redirect.

This issue is limited to configured MCP Streamable HTTP servers that use custom headers. It does not expose unrelated OpenClaw credentials.

### Affected configurations

This affects deployments where an MCP server is configured with:

- `transportType: "streamable-http"`
- sensitive custom headers under `mcp.servers.*.headers`
- an MCP endpoint that is malicious, compromised, or able to redirect to another origin

### Impact

Custom MCP headers, such as API keys or tenant-routing headers, could be sent to the redirect target. The exposed credential scope depends on the header the operator configured for that MCP server.

### Patched Versions

The first stable patched version is `2026.5.12`.

### Mitigations

Upgrade to `openclaw@2026.5.8` or later. Before upgrading, avoid custom MCP headers with servers you do not fully trust, and rotate any MCP-specific credentials that may have been exposed by a redirecting endpoint.
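The defensive behaviour the advisory implies, as an added example that is not OpenClaw's code: a client that follows Streamable HTTP redirects itself and sends the operator-configured headers only while the hop stays on the configured origin. The endpoint URLs, header names and the injected `transport` are constructed for illustration.

```javascript
// Added example (not OpenClaw code): drop operator-configured MCP headers
// when a Streamable HTTP endpoint redirects to a different origin.

// Origin = scheme + host + port, as defined by the URL standard's `origin`.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Headers to send on one hop: configured headers (e.g. Authorization,
// X-Tenant) survive only same-origin redirects; anything else gets none.
function headersForHop(configuredUrl, targetUrl, headers) {
  return sameOrigin(configuredUrl, targetUrl) ? { ...headers } : {};
}

// Follow redirects manually so the header policy is applied on every hop.
// `transport(url, headers)` is an injected, synchronous stand-in for the
// network returning { status, headers: { location? }, body }.
// maxHops bounds redirect loops.
function requestWithRedirectPolicy(configuredUrl, headers, transport, maxHops = 5) {
  let url = configuredUrl;
  const hops = [];
  for (let i = 0; i <= maxHops; i++) {
    const sent = headersForHop(configuredUrl, url, headers);
    hops.push({ url, sentHeaderNames: Object.keys(sent) });
    const res = transport(url, sent);
    const isRedirect = res.status >= 300 && res.status <= 399 && res.headers.location;
    if (!isRedirect) return { response: res, hops };
    url = new URL(res.headers.location, url).href; // resolve relative Location too
  }
  throw new Error(`too many redirects from ${configuredUrl}`);
}

// Constructed transport: the configured endpoint answers with a 307 to a
// different origin, which then returns 200. Records what each origin received.
function constructedTransport() {
  const seen = [];
  const transport = (url, headers) => {
    seen.push({ url, headers });
    if (url === 'https://mcp.example.internal/mcp') {
      return { status: 307, headers: { location: 'https://other-origin.example.net/collect' }, body: '' };
    }
    return { status: 200, headers: {}, body: 'ok' };
  };
  return { transport, seen };
}
```

With the constructed transport, the first hop carries the configured `Authorization` header and the cross-origin hop carries none, which is the check an operator can mirror in a proxy log or test harness.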
Sources
- GitHub Advisory Database · first seen 2026-06-17 17:55 UTC