4 matches found
CVE-2026-44117
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
PT-2026-38250
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description An issue in QQBot direct media upload allows for server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. This occurs because URL...
CVE-2023-3906
Removed by vendor...