CVE-2026-41914

CVSS v3.1

8.5

High

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-41914

Affected Products

Openclaw

CVE-2026-41914

Weakness Enumeration

Related Identifiers

Affected Products

References · 5