Cyber Posture

CVE-2026-43526

High · Public PoC

Published: 05 May 2026
Modified: 07 May 2026
KEV Added: not listed
Patch: available (OpenClaw 2026.4.12)
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0003 (9.1 percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-43526 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in OpenClaw (vendor openclaw, product openclaw). Its CVSS v3.1 base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 9.1 percentile by exploit likelihood (well below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Network Service Discovery (T1046). What defenders deploy: the NIST 800-53 controls listed below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10 Information Input Validation): validate attacker-supplied media URLs in QQBot reply handling so that only legitimate URLs trigger server-side fetches.

Prevent (SI-2 Flaw Remediation): upgrade to OpenClaw 2026.4.12 or later, which corrects the vulnerable URL-processing logic.

Prevent: monitor and control outbound communications at system boundaries so that SSRF-triggered requests to arbitrary internal or external resources are blocked or restricted.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in the unauthenticated, public-facing OpenClaw QQBot component directly enables remote exploitation of the web application (T1190) and probing of internal network services through attacker-controlled URLs (T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.

Deeper analysis

CVE-2026-43526 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting OpenClaw versions prior to 2026.4.12. The flaw exists in the QQBot reply media URL handling component, where the server processes attacker-controlled media URLs by fetching arbitrary content and then re-uploading the retrieved bytes through the channel.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction, as the CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, base score 8.2) records. A malicious media URL makes the server issue a request to an internal or external resource of the attacker's choosing; because the fetched bytes are then re-uploaded through the channel, the response comes back to the attacker. That return path is what gives the flaw its high confidentiality impact (reading responses from internal services that trust the server's network position) and its low integrity impact (the attacker decides what content the bot posts).

Mitigation involves upgrading to OpenClaw version 2026.4.12 or later, which incorporates fixes from GitHub commits 08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a and ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d. Further details on the vulnerability and remediation are available in the GitHub Security Advisory at GHSA-2767-2q9v-9326 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling.

Details

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Affected Products

openclaw / openclaw
< 2026.4.12 (fixed in 2026.4.12)

CVEs Like This One

CVE-2026-32019 (same product: OpenClaw)
CVE-2026-35629 (same product: OpenClaw)
CVE-2026-31989 (same product: OpenClaw)
CVE-2026-41912 (same product: OpenClaw)
CVE-2026-28451 (same product: OpenClaw)
CVE-2026-22181 (same product: OpenClaw)
CVE-2026-28476 (same product: OpenClaw)
CVE-2026-6011 (same product: OpenClaw)
CVE-2026-41914 (same product: OpenClaw)
CVE-2026-41302 (same product: OpenClaw)
