Description
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.
Published: 2026-05-06
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a server-side request forgery (CWE-918) in the QQBot direct media upload feature of OpenClaw. The direct upload path does not apply the URL validation that protects the application's other outbound fetches, so an attacker who can submit a crafted image URL to the uploadC2CMedia or uploadGroupMedia endpoints causes the OpenClaw server to issue an HTTP request to a destination of the attacker's choosing. In the usual SSRF pattern this turns the server into a relay for requests to internal services and other network locations that are reachable from the host but not from the attacker. The assigned CVSS vectors rate the impact as a low confidentiality effect on those subsequent systems (S:C with C:L in v3.1, SC:L in v4.0) and record no integrity or availability impact.

Affected Systems

The flaw affects OpenClaw versions earlier than 2026.4.20 (the CPE entry lists the Node.js build). Administrators running any pre-2026.4.20 build are exposed when the QQBot direct media upload functionality is in use, since the vulnerable endpoints belong to that integration.

Risk and Exploitability

The CVSS v4.0 score of 6.3 (v3.1: 5.8) indicates medium severity. The vectors place the attack over the network with no privileges or user interaction required (AV:N/PR:N/UI:N); the v4.0 vector's AT:P records a precondition on the target, namely that the QQBot direct media upload functionality is deployed and reachable. The EPSS score is below 1%, the vulnerability is not listed in CISA's KEV catalog, and the SSVC assessment records no known exploitation while marking the flaw as automatable. Exploitation amounts to submitting a crafted URL to the vulnerable endpoints, so an unpatched deployment with QQBot enabled and the endpoints reachable should be treated as exploitable.

Generated by OpenCVE AI on May 6, 2026 at 21:27 UTC.

Remediation

No separate vendor fix link or workaround is listed on this page; the advisory's version range (before 2026.4.20) indicates the issue is addressed in 2026.4.20.

OpenCVE Recommended Actions

  • Update to OpenClaw 2026.4.20 or later, the first version outside the affected range
  • If an immediate upgrade is not possible, apply egress filtering on the OpenClaw host so the process cannot reach internal networks, loopback, or link-local ranges such as cloud metadata endpoints; the forged requests originate from the server itself, so this must be enforced at the host or network egress, not at the inbound reverse proxy
  • Until the fix is in place, validate URLs submitted to the media upload endpoints in the application: permit only http and https, resolve the hostname and reject any private, loopback or link-local address, connect to the vetted address rather than resolving a second time, re-check every redirect target, or restrict fetches to an allowlist of known media hosts
  • Monitor application logs for media upload requests whose URLs point at internal or link-local addresses, non-HTTP schemes or unusual ports, and investigate any such activity
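The validation the list above calls for, as an added example in JavaScript (OpenClaw is catalogued as a Node.js application). This is illustrative code written for this page, not OpenClaw's own upload handler or its fix; the function names, the injected resolver interface, the port policy and the demo resolver table are assumptions. It resolves the hostname, rejects any non-public address including the numeric and IPv4-mapped forms a naive string check misses, and returns the vetted address so the caller can pin the connection to it:

```javascript
// Added example, not OpenClaw code: deny-by-default URL check of the kind the
// QQBot direct media upload path is described as skipping. Names are assumptions.

// Parse a strict dotted-quad IPv4 literal into four octets, or return null.
// Node's WHATWG URL parser has already normalized shorthand, octal and hex
// forms such as "0x7f000001" or "127.1" into dotted-quad before we get here.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Convert the two trailing hex groups of an IPv4-mapped IPv6 address
// ("::ffff:7f00:1") back into dotted-quad ("127.0.0.1").
function hexPairToDotted(s) {
  const m = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(s);
  if (!m) return null;
  const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
  return `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
}

// True only for globally routable unicast addresses. Everything an SSRF would
// be used to reach inside the deployment is rejected: loopback, RFC 1918,
// CGNAT, link-local (which includes the 169.254.169.254 cloud metadata
// address), multicast, "this network", and the IPv6 equivalents.
// Assumes compressed IPv6 text as produced by the URL parser and dns.lookup.
function isPublicAddress(ip) {
  const v4 = parseIPv4(ip);
  if (v4) {
    const [a, b] = v4;
    if (a === 0 || a === 10 || a === 127) return false;
    if (a === 100 && b >= 64 && b <= 127) return false; // 100.64.0.0/10
    if (a === 169 && b === 254) return false;           // 169.254.0.0/16
    if (a === 172 && b >= 16 && b <= 31) return false;  // 172.16.0.0/12
    if (a === 192 && b === 168) return false;           // 192.168.0.0/16
    if (a >= 224) return false;                         // multicast, reserved, broadcast
    return true;
  }
  const v6 = ip.toLowerCase();
  if (!v6.includes(":")) return false;                  // not an IP literal at all
  if (v6 === "::" || v6 === "::1") return false;        // unspecified, loopback
  if (/^fe[89ab][0-9a-f]:/.test(v6)) return false;      // fe80::/10 link-local
  if (/^f[cd][0-9a-f]{2}:/.test(v6)) return false;      // fc00::/7 unique local
  if (/^ff[0-9a-f]{2}:/.test(v6)) return false;         // multicast
  if (v6.startsWith("::ffff:")) {                       // IPv4-mapped: re-check as IPv4
    const rest = v6.slice(7);
    const mapped = parseIPv4(rest) ? rest : hexPairToDotted(rest);
    return mapped ? isPublicAddress(mapped) : false;
  }
  return true;
}

// Validate a user-supplied media URL before the server fetches it.
// `resolve(hostname)` returns every address the host resolves to; it is
// injected so this example runs offline, and so production code can pass a
// wrapper around dns.promises.lookup(host, { all: true }). A host that
// resolves to one public and one internal address is rejected outright.
function validateMediaUrl(raw, resolve) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials" };
  const port = url.port ? Number(url.port) : (url.protocol === "https:" ? 443 : 80);
  if (port !== 80 && port !== 443) return { ok: false, reason: "port" }; // policy assumption: media on 80/443 only
  let host = url.hostname;
  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1); // IPv6 literal
  if (!host) return { ok: false, reason: "no host" };
  const isLiteral = parseIPv4(host) !== null || host.includes(":");
  const addresses = isLiteral ? [host] : resolve(host);
  if (!addresses || addresses.length === 0) return { ok: false, reason: "unresolvable" };
  const internal = addresses.find((a) => !isPublicAddress(a));
  if (internal) return { ok: false, reason: `non-public address ${internal}` };
  // Hand back the vetted address so the caller connects to it directly instead
  // of resolving again (DNS rebinding), and re-runs this check on each redirect.
  return { ok: true, url: url.href, pinnedAddress: addresses[0] };
}

// Constructed resolver table standing in for DNS in this example.
const DEMO_DNS = {
  "cdn.example.com": ["203.0.113.10"],
  "rebind.example.com": ["203.0.113.10", "10.0.0.5"],
};
const demoResolve = (host) => DEMO_DNS[host] || [];

for (const u of [
  "https://cdn.example.com/img.png",
  "http://169.254.169.254/latest/meta-data/",
  "http://0x7f000001/",
  "http://[::ffff:7f00:1]/",
  "https://rebind.example.com/img.png",
  "file:///etc/passwd",
]) console.log(u, "=>", JSON.stringify(validateMediaUrl(u, demoResolve)));
```

In production `resolve` would wrap `dns.promises.lookup(host, { all: true })` and the function would be awaited. The caller should connect to `pinnedAddress` while sending the original host name in the `Host` header, disable automatic redirect following, and call `validateMediaUrl` again on each `Location` it decides to follow. The same check run over logged upload URLs surfaces the attempts the monitoring recommendation describes.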



Advisories

No advisories yet.

History

Thu, 07 May 2026 14:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc = {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 20:15:00 +0000

Type: Description
Values Removed: none
Values Added: OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.

Type: Title
Values Removed: none
Values Added: OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload

Type: First Time appeared
Values Removed: none
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Removed: none
Values Added: CWE-918

Type: CPEs
Values Removed: none
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Removed: none
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Removed: none
Values Added: none listed

Type: Metrics
Values Removed: none
Values Added: cvssV3_1 = {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N'}; cvssV4_0 = {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T13:33:31.813Z

Reserved: 2026-05-05T11:30:46.259Z

Link: CVE-2026-44117

Vulnrichment

Updated: 2026-05-07T13:33:27.676Z

NVD

Status : Awaiting Analysis

Published: 2026-05-06T20:16:35.770

Modified: 2026-05-06T21:20:52.707

Link: CVE-2026-44117

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T22:15:13Z

Weaknesses