OpenClaw: QQBot direct media upload skipped URL SSRF validation
Moderate severity
GitHub Reviewed
Published
Apr 21, 2026
in
openclaw/openclaw
•
Updated May 12, 2026
Description
Published to the GitHub Advisory Database
Apr 25, 2026
Reviewed
Apr 25, 2026
Last updated
May 12, 2026
Affected Packages / Versions
openclaw(npm)< 2026.4.202026.4.20Impact
The QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured QQBot media delivery request or relay URLs the operator did not intend to allow.
The affected path is limited to QQBot outbound media handling and does not expose arbitrary local files. Severity is low.
Fix
OpenClaw now validates QQBot direct-upload media URLs before
uploadC2CMediaanduploadGroupMediadirect-upload calls.Fix commit:
49db424c8001f2f419aad85f434894d8d85c1a09Release
Fixed in OpenClaw
2026.4.20.References