CVE-2026-43526

High · Public PoC

Published: 05 May 2026
Modified: 07 May 2026
KEV Added: not listed
Patch: OpenClaw 2026.4.12 or later
CVSS v4.0 score: 8.3 (vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0025 (16.4th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43526 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in OpenClaw (vendor: Openclaw; product: Openclaw). Its CVSS v4.0 base score is 8.3 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 16.4th percentile by EPSS exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-43526 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting OpenClaw versions prior to 2026.4.12. The flaw exists in the QQBot reply media URL handling component, where the server processes attacker-controlled media URLs by fetching arbitrary content and then re-uploading the retrieved bytes through the channel.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). By supplying malicious media URLs, attackers trigger SSRF requests to internal or external resources, enabling them to read sensitive data with high confidentiality impact and potentially alter channel content with low integrity impact through the re-upload mechanism.

Mitigation involves upgrading to OpenClaw version 2026.4.12 or later, which incorporates fixes from GitHub commits 08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a and ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d. Further details on the vulnerability and remediation are available in the GitHub Security Advisory at GHSA-2767-2q9v-9326 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling.

Vulnerability details

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

An SSRF in the unauthenticated, public-facing OpenClaw QQBot component directly enables remote exploitation of the web application (T1190) and probing of internal network services through attacker-controlled URLs (T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32019 (same product: Openclaw Openclaw)
CVE-2026-35629 (same product: Openclaw Openclaw)
CVE-2026-44116 (same product: Openclaw Openclaw)
CVE-2026-41912 (same product: Openclaw Openclaw)
CVE-2026-6011 (same product: Openclaw Openclaw)
CVE-2026-31989 (same product: Openclaw Openclaw)
CVE-2026-28451 (same product: Openclaw Openclaw)
CVE-2026-28476 (same product: Openclaw Openclaw)
CVE-2026-41914 (same product: Openclaw Openclaw)
CVE-2026-22181 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw / Product: openclaw / Versions: ≤ 2026.4.12

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent): Validates attacker-supplied media URLs in QQBot reply handling to prevent SSRF by ensuring only legitimate URLs trigger server fetches.

SI-2 Flaw Remediation (prevent): Remediates the SSRF flaw through timely patching to OpenClaw 2026.4.12 or later, directly addressing the vulnerable URL processing logic.

Boundary control (prevent): Monitors and controls outbound communications at system boundaries to block or restrict SSRF-triggered requests to arbitrary internal or external resources.
