Cyber Posture

CVE-2026-43526

Severity: High · Public PoC available

Published: 05 May 2026
Modified: 05 May 2026
KEV Added:
Patch:
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0003 (8.4th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Validates attacker-supplied media URLs in QQBot reply handling to prevent SSRF by ensuring only legitimate URLs trigger server fetches.

Prevent: Remediates the SSRF flaw through timely patching to OpenClaw 2026.4.12 or later, directly addressing the vulnerable URL processing logic.

Prevent: Monitors and controls outbound communications at system boundaries to block or restrict SSRF-triggered requests to arbitrary internal or external resources.
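The first control above is the one an application team implements in code: an outbound fetch of a user-supplied media URL must pass an allowlist policy before any request is made. The example below is added here and is not OpenClaw's code; it assumes a policy of HTTPS on port 443 only, no userinfo, and a hostname whose every resolved address is globally routable. The resolver is injectable so the sample DNS table (constructed for the example) runs offline; in production the default system resolver is used and the caller connects to one of the returned pinned addresses rather than re-resolving the name, which is what closes the DNS-rebinding window.

```python
"""SSRF policy check for an outbound media URL (added example, not OpenClaw code).

Parse the URL, enforce scheme/port/userinfo rules, resolve the host, and require
every answer to be a public unicast address. The caller must connect to one of
the returned addresses (not re-resolve), re-run this check on every redirect
target instead of following it, and cap the response size before re-uploading.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}   # policy assumption: media is fetched over TLS only
ALLOWED_PORTS = {443}         # policy assumption: default HTTPS port only
MAX_URL_LENGTH = 2048

Resolver = Callable[[str], Iterable[str]]


class UnsafeMediaUrl(ValueError):
    """Raised when a media URL fails the policy; the message names the reason."""


@dataclass(frozen=True)
class ValidatedMediaUrl:
    url: str
    host: str
    port: int
    addresses: Tuple[str, ...]   # pinned public IPs the fetch may connect to


def system_resolver(host: str) -> list:
    """OS resolver returning every A/AAAA answer as a text address."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def _ip_literal(host: str) -> Optional[ipaddress._BaseAddress]:
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None   # a name (or an odd literal such as 0x7f000001) goes to the resolver


def is_public_address(text: str) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped first so an internal IPv4
    target cannot hide behind an IPv6 literal. Loopback, link-local (including
    169.254.0.0/16 metadata endpoints), RFC 1918, multicast, reserved and the
    unspecified address are all rejected.
    """
    addr = _ip_literal(text)
    if addr is None:
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def validate_media_url(url: str, resolver: Resolver = system_resolver) -> ValidatedMediaUrl:
    """Apply the policy; return the pinned addresses or raise UnsafeMediaUrl."""
    if len(url) > MAX_URL_LENGTH:
        raise UnsafeMediaUrl("url too long")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeMediaUrl(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeMediaUrl("userinfo not allowed")   # user@host forms confuse downstream parsers
    host = parts.hostname
    if not host:
        raise UnsafeMediaUrl("missing host")
    try:
        port = parts.port or 443
    except ValueError:
        raise UnsafeMediaUrl("invalid port") from None
    if port not in ALLOWED_PORTS:
        raise UnsafeMediaUrl(f"port not allowed: {port}")
    # A literal is checked as-is; a name is resolved and every answer checked, so a
    # host with one public and one internal record is rejected as a whole.
    if _ip_literal(host) is not None:
        addresses: Tuple[str, ...] = (host,)
    else:
        addresses = tuple(sorted(set(resolver(host))))
    if not addresses:
        raise UnsafeMediaUrl("host did not resolve")
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        raise UnsafeMediaUrl("non-public address: " + ", ".join(bad))
    return ValidatedMediaUrl(url=url, host=host, port=port, addresses=addresses)


def rejection_reason(url: str, resolver: Resolver = system_resolver) -> str:
    """Convenience wrapper: empty string if the URL passes, else the reason."""
    try:
        validate_media_url(url, resolver)
        return ""
    except UnsafeMediaUrl as exc:
        return str(exc)


# Constructed DNS table for offline use; the addresses are sample values, not real hosts.
CONSTRUCTED_DNS = {
    "cdn.example.com": ["93.184.216.34", "2606:4700:4700::1111"],   # public v4 + v6
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],            # mixed public/internal
    "metadata.example.com": ["169.254.169.254"],                    # link-local endpoint
}


def constructed_resolver(host: str) -> list:
    return CONSTRUCTED_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://cdn.example.com/a.png", "https://rebind.example.com/a.png",
              "http://cdn.example.com/a.png", "https://[::ffff:10.0.0.1]/a.png"):
        print(u, "->", rejection_reason(u, constructed_resolver) or "ok")
```

Two points follow from the design. First, resolving before checking is what defeats decimal, octal or hex host spellings: they are not IP literals to `ipaddress`, so they go to the resolver, whose answer is then checked. Second, the check alone does not fix the re-upload path described in the advisory; the fetch must also refuse to follow redirects (each target is re-validated) and bound the body size, since whatever is fetched is forwarded through the channel.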

Security Summary · AI

CVE-2026-43526 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting OpenClaw versions prior to 2026.4.12. The flaw exists in the QQBot reply media URL handling component, where the server processes attacker-controlled media URLs by fetching arbitrary content and then re-uploading the retrieved bytes through the channel.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). By supplying malicious media URLs, attackers trigger SSRF requests to internal or external resources, enabling them to read sensitive data with high confidentiality impact and potentially alter channel content with low integrity impact through the re-upload mechanism.

Mitigation involves upgrading to OpenClaw version 2026.4.12 or later, which incorporates fixes from GitHub commits 08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a and ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d. Further details on the vulnerability and remediation are available in the GitHub Security Advisory at GHSA-2767-2q9v-9326 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling.

Details

CWE(s): CWE-918 Server-Side Request Forgery (SSRF)

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in an unauthenticated, public-facing OpenClaw/QQBot component directly enables remote exploitation of the web application (T1190) and probing of internal network services via attacker-controlled URLs (T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References