PT-2026-35796 · Openclaw · Openclaw
Adithyan Ak · Published 2026-04-09 · Updated 2026-04-29 · CVE-2026-41914
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.8
Description
An issue exists in the QQ Bot media download paths that allows for server-side request forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies.
Recommendations
Update to version 2026.4.8.
Fix
SSRF
Affected Products
Openclaw