---
id: 20260312-T0-07
title: "OpenClaw 2026.3.11修复WebSocket跨站劫持漏洞"
title_en: "OpenClaw 2026.3.11 Fixes WebSocket Cross-Site Hijacking"
url: https://ai.daily.yangsir.net/daily/20260312-T0-07
issue_date: 2026-03-12
publish_date: 2026-03-12T05:07:17.000Z
category: release
source_name: "OpenClaw Releases"
source_url: https://github.com/openclaw/openclaw/releases/tag/v2026.3.11
---

# OpenClaw 2026.3.11修复WebSocket跨站劫持漏洞

OpenClaw发布2026.3.11安全更新，修复受信任代理模式下的WebSocket跨站劫持漏洞（GHSA-5wcw-8jjv-m286）。新增强制浏览器来源验证机制，所有浏览器连接均需通过Origin校验，防止未授权访问admin权限。

## English Version

**OpenClaw 2026.3.11 Fixes WebSocket Cross-Site Hijacking**

OpenClaw 2026.3.11 fixes a WebSocket cross-site hijacking flaw (GHSA-5wcw-8jcj-m286) in trusted-proxy mode. Adds mandatory browser origin validation for all connections to prevent unauthorized admin access.

---

**来源**：[OpenClaw Releases](https://github.com/openclaw/openclaw/releases/tag/v2026.3.11)

**详情页**：https://ai.daily.yangsir.net/daily/20260312-T0-07

---

*智语观潮 · Daily — https://ai.daily.yangsir.net/llms.txt*