Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.8 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the QQBot reply media URL handling process. An attacker can access internal resources and exfiltrate sensitive information by supplying crafted media...

9.3CVSS5.8AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 12:16 p.m.13 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

9.3CVSS0.00251EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.42 views

CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 11:24 a.m.16 views

CVE-2026-43526

OpenClaw is affected by a server-side request forgery (SSRF) in QQBot reply media URL handling, exploitable in versions before 2026.4.12. Attackers can supply malicious media URLs to trigger SSRF and have the fetched bytes re-uploaded through the channel. The issue has been fixed in 2026.4.12 (an...

9.3CVSS5.9AI score0.00251EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27263

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References4
Rows per page
Query Builder