PT-2026-37012 · Openclaw · Openclaw

Yuki Shiroi · Published 2026-04-17 · Updated 2026-05-05 · CVE-2026-43526

CVSS v3.1: 9.3 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.12
Description: An issue exists in the QQBot reply media URL handling that allows server-side request forgery (SSRF), a flaw in which a server is tricked into making requests to an unintended location. An attacker can supply a malicious media URL to make the server fetch arbitrary content, and the retrieved bytes are then re-uploaded through the channel.
Recommendations: Update to version 2026.4.12 or newer.
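The defensive pattern for this class of bug is to validate a user-supplied media URL before the server fetches it: restrict the scheme, reject embedded credentials, resolve the host, and refuse any address that is not publicly routable. The following is an added illustration written for this advisory, not OpenClaw's own code; the function names and the injected `resolve` callback are hypothetical, and the resolver table in the usage call is constructed for offline use.

```python
import ipaddress
from urllib.parse import urlparse

# Only fetch media over TLS; file:, gopher:, http: etc. are refused outright.
ALLOWED_SCHEMES = {"https"}


def _is_public_address(ip_text):
    """True only for globally routable unicast addresses (no loopback,
    RFC 1918, link-local / cloud metadata ranges, multicast or reserved)."""
    addr = ipaddress.ip_address(ip_text)
    return addr.is_global and not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def validate_media_url(url, resolve):
    """Check an inbound media URL before any network request is made.

    `resolve(host)` is a hypothetical hook returning the list of IP strings
    the host resolves to; injecting it keeps this testable without DNS.
    Returns (ok, detail): detail is the reason on failure, or the resolved
    IPs on success so the caller can pin the connection to one of them
    (re-resolving at fetch time would reopen a DNS-rebinding window)."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parsed.scheme
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials embedded in URL"
    host = parsed.hostname  # brackets stripped for IPv6 literals, lowercased
    if not host:
        return False, "missing host"
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP, no lookup
    except ValueError:
        ips = list(resolve(host))
    if not ips:
        return False, "host did not resolve"
    for ip in ips:
        if not _is_public_address(ip):
            return False, "non-public address %s" % ip
    return True, ips


if __name__ == "__main__":
    # Constructed resolver table standing in for DNS.
    table = {"cdn.example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}
    for u in ("https://cdn.example.com/a.png", "https://intranet.example/x",
              "https://169.254.169.254/latest/meta-data", "http://cdn.example.com/a.png"):
        print(u, validate_media_url(u, lambda h: table.get(h, [])))
```

Redirects returned by the remote server must be re-validated with the same function before being followed, and the response size should be capped before the bytes are re-uploaded.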

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-43526
GHSA-2767-2Q9V-9326

Affected Products

Openclaw