3 matches found
GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...
CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
CVE-2026-44117
OpenClaw is affected by a server-side request forgery in QQBot direct media upload (uploadC2CMedia and uploadGroupMedia) where URL validation is skipped. This allows an attacker to relay unintended requests by sending crafted image URLs, bypassing SSRF protections. The issue affects OpenClaw prio...