
CVE-2026-41914

CVE-2026-41914 is a server-side request forgery (SSRF) vulnerability in OpenClaw before version 2026.4.8, affecting QQ Bot media download paths that bypass existing SSRF protections.


Score

A numerical rating that indicates how dangerous this vulnerability is.

8.5 High
  • Published Date: Apr 28, 2026
  • CISA KEV Date: No Data
  • Industries Affected: 20

Exploitability

  • Score: 3.1
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED

Impact

  • Score: 4.7
  • Confidentiality Impact: HIGH
  • Integrity Impact: LOW
  • Availability Impact: NONE

Overview

CVE-2026-41914 is a server-side request forgery vulnerability (CWE-918) in OpenClaw, an open-source framework, affecting all versions prior to 2026.4.8. The flaw resides in the QQ Bot media download paths, where the existing SSRF protection mechanisms can be circumvented. Authenticated attackers can abuse unprotected media fetch endpoints to make the server issue requests to internal resources, bypassing the allowlist policies intended to restrict outbound server-side requests. Successful exploitation has a high confidentiality impact and a low integrity impact on systems beyond the vulnerable component: because the scope is changed, internal infrastructure that is not directly exposed to the attacker can be reached and potentially probed or manipulated.

Remediation

  • Users should upgrade OpenClaw to version 2026.4.8 or later, which introduces fixes addressing the SSRF bypass in QQ Bot media fetch paths. The patch is available via the official GitHub repository commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5. Organizations unable to immediately upgrade should consider restricting network-level access to media fetch endpoints, enforcing egress filtering on the server to block requests to internal IP ranges, and auditing allowlist policies to ensure they cannot be bypassed through URL manipulation or redirect-based techniques.

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
