CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalida — CVE Database · The Intelligence Room