CVE-2026-43526 in OpenClaw

Summary

by MITRE • 05.05.2026

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.


Responsible

VulnCheck

Reserved

01.05.2026

Published

05.05.2026

Moderation

accepted

Entry

VDB-361167

CPE

ready

EPSS

0.00041

KEV

no

Activities

very low

Sources
