OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply...

8.3 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.

Basic Information

ID CVE-2026-43526

Source VulnCheck

Published May 5, 2026 at 11:24

Modified May 5, 2026 at 12:24

Affected Product

Vendor OpenClaw

Product OpenClaw

Affected Versions OpenClaw OpenClaw 0

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.",
    "published": "2026-05-05T11:24:58.093Z",
    "modified": "2026-05-05T12:24:23.501Z",
    "type": "cve",
    "title": "OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326\nhttps://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a\nhttps://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d\nhttps://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling",
    "id": "CVE-2026-43526",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "0",
    "vendor": "OpenClaw",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling_CVE-2026-43526