Lucene search
K

5 matches found

CNVD
CNVD
added 2026/03/12 12:0 a.m.1 views

OpenClaw code issue vulnerability (CNVD-2026-13590)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is a code problem vulnerability , the vulnerability stems from the attachment and media URL hydration exists server-side request forgery , an attacker can use the vulnerability to obtain arbitrary HTTPS URL...

8.6CVSS6AI score0.00397EPSS
Exploits1References1
OSV
OSV
added 2026/03/05 10:16 p.m.2 views

CVE-2026-28467

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

8.6CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.25 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

6.5CVSS0.00397EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9913

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

6.9CVSS6AI score0.00397EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-23542

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The software contains a server-side request forgery issue in attachment and media URL handling. This allows remote attackers to retrieve data from arbitrary HTTPS URLs. An attacker who can contro...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References9
Rows per page
Query Builder