5 matches found
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the QQBot reply media URL handling process. An attacker can access internal resources and exfiltrate sensitive information by supplying crafted media...
CVE-2026-43526
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
CVE-2026-43526
OpenClaw is affected by a server-side request forgery (SSRF) in QQBot reply media URL handling, exploitable in versions before 2026.4.12. Attackers can supply malicious media URLs to trigger SSRF and have the fetched bytes re-uploaded through the channel. The issue has been fixed in 2026.4.12 (an...
EUVD-2026-27263
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...