Ghostwire

CVE-2026-41914: OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass...

MEDIUM CVSS 5.5

Published: April 28, 2026 | Last Modified: April 28, 2026

Description

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.tenable.com/cve/CVE-2026-41914
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-41914