CVE-2026-43526 · CRITICAL 9.3 · EPSS percentile 16.2%


Description

OpenClaw before 2026.4.12 contains a server-side request forgery (SSRF) vulnerability in its QQBot reply media URL handling. The handler fetches media from a URL the attacker supplies without adequately restricting the destination, so the OpenClaw host can be made to request arbitrary content, including endpoints that are reachable only from the server's own network position. Because the fetched bytes are subsequently re-uploaded through the channel, the attacker also receives the response, which makes this a full-read SSRF rather than a blind one. Fixed in 2026.4.12 (see the referenced commits and GHSA-2767-2q9v-9326).
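The control a reply-media handler needs in front of a fetch-and-re-upload path is a CWE-918 guard on the destination, not on the URL string. The following Python is an added example written for this page; it is not OpenClaw's code and is not taken from the referenced commits. It allow-lists the scheme, rejects embedded credentials, resolves the host and refuses any non-public address (loopback, RFC 1918, link-local including the cloud metadata address, multicast, and IPv4-mapped IPv6 forms), re-validates every redirect hop, and passes the validated IP to the fetch layer so a second DNS lookup cannot swap in an internal address. The hostnames, addresses and response bytes in `FAKE_DNS` and `FAKE_HTTP` are constructed fixtures so the example runs offline; the resolver and transport signatures are this example's own assumptions.

```python
"""Guarding a server-side fetch of an attacker-supplied media URL.

Illustrative code written for this page, not OpenClaw's own handler.
"""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3

# hostname -> resolved address strings (injectable so the example runs offline)
Resolver = Callable[[str], Iterable[str]]
# (url, pinned_ip) -> (status, headers, body); stand-in for a real HTTP client
# that must connect to pinned_ip and send the URL's host in the Host header
Transport = Callable[[str, str], tuple[int, dict, bytes]]


class UnsafeUrl(ValueError):
    """Raised when a URL must not be fetched server-side."""


def system_resolver(host: str) -> list[str]:
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:10.0.0.1 so the IPv4 rules apply to mapped addresses.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global already excludes loopback, RFC 1918, link-local (169.254/16),
    # CGNAT and the documentation ranges; multicast is rejected explicitly.
    return ip.is_global and not ip.is_multicast


def validate_media_url(url: str, resolve: Resolver = system_resolver) -> tuple[str, str]:
    """Return (hostname, pinned_ip) for a fetchable URL, else raise UnsafeUrl."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise UnsafeUrl("missing host")
    try:
        ipaddress.ip_address(host)      # literal IP (urlsplit strips [] from IPv6)
        addrs = [host]
    except ValueError:
        addrs = list(resolve(host))     # a name: judge what it resolves to, not its spelling
        if not addrs:
            raise UnsafeUrl(f"host does not resolve: {host}")
    # Every address must be public: a name with one public and one internal
    # record is still an SSRF vector, so the whole answer set is checked.
    for addr in addrs:
        if not is_public_address(addr):
            raise UnsafeUrl(f"{host} resolves to non-public address {addr}")
    return host, addrs[0]


def fetch_media(url: str, transport: Transport, resolve: Resolver = system_resolver) -> bytes:
    """Fetch url through transport, re-validating each redirect hop."""
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        _host, pinned_ip = validate_media_url(current, resolve)
        status, headers, body = transport(current, pinned_ip)
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location")
            if not location:
                raise UnsafeUrl("redirect without Location")
            current = urljoin(current, location)   # relative redirects resolve against current
            continue
        if status != 200:
            raise UnsafeUrl(f"unexpected status {status} from {current}")
        return body
    raise UnsafeUrl("too many redirects")


# --- Constructed offline fixtures (placeholder hosts, addresses and bytes) ----
FAKE_DNS = {
    "cdn.example": ["1.2.3.4"],                 # placeholder public address
    "rebind.example": ["1.2.3.5", "10.0.0.5"],  # split answer: public + internal
    "localhost": ["127.0.0.1"],
}
FAKE_HTTP = {
    "http://cdn.example/img.png": (200, {}, b"\x89PNG..."),
    "http://cdn.example/hop": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def fake_transport(url: str, pinned_ip: str) -> tuple[int, dict, bytes]:
    return FAKE_HTTP.get(url, (404, {}, b""))


def check(url: str) -> str:
    """Classify a candidate URL against the fixtures: 'ok:<bytes>' or 'blocked:<reason>'."""
    try:
        return f"ok:{len(fetch_media(url, fake_transport, fake_resolver))}"
    except UnsafeUrl as exc:
        return f"blocked:{exc}"


if __name__ == "__main__":
    for candidate in [
        "http://cdn.example/img.png",
        "http://cdn.example/hop",            # public host redirecting to the metadata IP
        "http://rebind.example/img.png",
        "http://localhost:8080/admin",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
        "http://user:pw@cdn.example/img.png",
    ]:
        print(f"{candidate:40} {check(candidate)}")
```

The design point is that the check happens on resolved addresses and on every hop: a deny-list of hostname strings misses numeric encodings, split-horizon records and redirects, all of which this guard catches by construction. A real client behind `Transport` must actually connect to `pinned_ip` (with the original hostname in `Host` and, for HTTPS, in SNI) rather than re-resolving the name, otherwise the rebinding window reopens.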

Scoring

CVSS 3.1       9.3 (CRITICAL)
Vector         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
               Network-reachable, low complexity, no privileges or user interaction; scope changed (the impact lands on hosts beyond OpenClaw itself); confidentiality high (fetched content is returned to the attacker), integrity low, availability none.
EPSS           0.25% probability of exploitation (30-day window) · percentile 16.2% · scored 2026-06-19T12:03:05Z
Published      2026-05-05
Last modified  2026-05-07

Underlying weaknesses (1)

CWE-918  Server-Side Request Forgery (SSRF)

References

  1. https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a
  2. https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326
  4. https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling

Type      Target                                       Confidence  Tier
Weakness  Server-Side Request Forgery (SSRF), cwe-918  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-41914
  2. CVE-2026-43533
  3. CVE-2026-28467
  4. CVE-2026-28451
  5. CVE-2026-44116
  6. CVE-2026-34507
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.