{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-41914/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.5,"id":"CVE-2026-41914"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["ssrf","cve-2026-41914","openclaw"],"_cs_type":"advisory","_cs_vendors":["openclaw"],"content_html":"\u003cp\u003eOpenClaw\u0026rsquo;s QQ Bot integration is affected by a server-side request forgery (SSRF) vulnerability in versions prior to 2026.4.8. The flaw lies in the media download paths of the QQ Bot functionality: media fetch endpoints that were left outside the existing SSRF protections, so an attacker who can supply a media URL can make the OpenClaw server request destinations the established allowlist policy is meant to forbid. The confidentiality and integrity of systems and data reachable from the OpenClaw server are at risk. Depending on which internal services are reachable and whether they accept unauthenticated requests, exploitation can lead to information disclosure, denial of service, or remote code execution on internal systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an OpenClaw instance running a version prior to 2026.4.8 with the QQ Bot functionality enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a URL pointing at an internal or otherwise disallowed destination (a loopback, private-network, or link-local address) and delivers it through the QQ Bot media download path.\u003c/li\u003e\n\u003cli\u003eBecause these media fetch endpoints are not covered by the existing SSRF protections, OpenClaw issues the request without applying its allowlist policy.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw server connects to the attacker-chosen internal resource from its own network position, exposing data on that resource or triggering unintended actions.\u003c/li\u003e\n\u003cli\u003eThe response is relayed back to the attacker or is otherwise observable, and is used to extract data or pivot further into the internal network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41914 can disclose sensitive information from internal systems and affect every user and service that depends on the compromised OpenClaw instance. The severity is amplified because the affected paths bypass the SSRF protections operators may already rely on: a deployment that enforces an allowlist is still exposed through the unprotected media fetch endpoints, and the forged requests originate from a trusted server, which makes them harder to distinguish from legitimate traffic. Impact ranges from information disclosure to compromise of other internal services, depending on which resources the OpenClaw server can reach.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.8 or later, which patches CVE-2026-41914, and confirm the running version after the upgrade.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious OpenClaw SSRF Attempt\u003c/code\u003e to identify exploitation attempts against the vulnerable media download paths.\u003c/li\u003e\n\u003cli\u003eApply strict network segmentation and egress filtering so that the OpenClaw server cannot reach sensitive internal resources, including loopback-only services and link-local addresses such as cloud metadata endpoints, even if an SSRF guard is bypassed.\u003c/li\u003e\n\u003cli\u003eReview outbound connections from the OpenClaw host for requests to loopback, private, or link-local addresses made on behalf of QQ Bot media downloads.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:00:00Z","date_published":"2026-04-29T12:00:00Z","id":"/briefs/2026-04-openclaw-ssrf/","summary":"OpenClaw before 2026.4.8 is vulnerable to server-side request forgery (SSRF) in its QQ Bot media download paths: unprotected media fetch endpoints let attackers bypass the existing SSRF allowlist and reach internal resources.","title":"OpenClaw QQ Bot Media Download SSRF Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-41914","version":"https://jsonfeed.org/version/1.1"}