Lucene search
+L

4 matches found

EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-45104

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy server-side request forgery. The practical impac...

5CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/05/06 8:16 p.m.81 views

CVE-2026-44117

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

6.3CVSS0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 7:49 p.m.4 views

CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

6.3CVSS6AI score0.00236EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder