Description
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.
Published: 2026-05-05
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions before 2026.4.12 contain a server-side request forgery that allows an attacker to embed a malicious media URL in a QQBot reply. The application follows the URL, fetches the content, and re-uploads it through the channel, giving the attacker the ability to retrieve arbitrary web resources and have them reflected back through the bot. This flaw can be used to obtain sensitive data from internal networks with a single request, authenticated or unauthenticated depending on the QQBot configuration.

Affected Systems

OpenClaw is the affected vendor and product. Versions older than 2026.4.12 of OpenClaw are vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.3, indicating high severity. No EPSS score is available, but the flaw's mechanics are straightforward, making it likely to be exploited if a QQBot channel is exposed to untrusted users. The flaw is not listed in the CISA KEV catalog. Attackers can trigger the SSRF by submitting a crafted media URL through the QQBot reply interface; the server then fetches content and re-uploads it, potentially exposing the application to arbitrary network access.

Generated by OpenCVE AI on May 5, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.12 or later.
  • Apply input validation and sanitization to QQBot media URLs to address the SSRF weakness (CWE-918).
  • Enforce outbound request restrictions or use a whitelist of approved domains to prevent unauthorised content retrieval (CWE-918).
  • Disable or restrict the re-upload functionality for media resources received via QQBot until a patch is applied.


Advisories

Source: GitHub GHSA
ID: GHSA-2767-2q9v-9326
Title: OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

History

Tue, 05 May 2026 13:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 May 2026 11:45:00 +0000

Type                 Values Removed   Values Added
Description          -                OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.
Title                -                OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling
First Time appeared  -                Openclaw; Openclaw openclaw
Weaknesses           -                CWE-918
CPEs                 -                cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products   -                Openclaw; Openclaw openclaw
References           -                -
Metrics              -                cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
Metrics              -                cvssV4_0 {'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T12:24:23.501Z

Reserved: 2026-05-01T16:56:19.947Z

Link: CVE-2026-43526

Vulnrichment

Updated: 2026-05-05T12:24:19.685Z

NVD

Status: Received

Published: 2026-05-05T12:16:18.640

Modified: 2026-05-05T12:16:18.640

Link: CVE-2026-43526

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T14:30:25Z

Weaknesses