Vulnerabilities

Report: CVE-2026-44116 - OpenClaw Zalo SSRF - Complete Guide

2026-05-06 0 views admin
Report: CVE-2026-44116 - OpenClaw Zalo SSRF - Complete Guide

CVE ID :CVE-2026-44116 Published : May 6, 2026, 8:16 p.m. | 22 minutes ago Description :OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
May 6, 2026
Impact: SSRF

🏷️ Tags

report44116openclawcompleteguidepublishedminutesdescriptioncverce

More from Vulnerabilities

Report: CVE-2026-43578 - OpenClaw Privilege Escalation

Report: CVE-2026-43578 - OpenClaw Privilege Escalation

2026-05-06 0
Report: Update: CVE-2026-43577 - OpenClaw File Read Vulnerability

Report: Update: CVE-2026-43577 - OpenClaw File Read Vulnerability

2026-05-06 0
Report: Breaking: CVE-2026-43575 - OpenClaw NoVNC Authentication Bypass

Report: Breaking: CVE-2026-43575 - OpenClaw NoVNC Authentication Bypass

2026-05-06 0
Report: CVE-2026-43576 - OpenClaw Server-Side Request Forgery (SSRF) - Full Analysis

Report: CVE-2026-43576 - OpenClaw Server-Side Request Forgery (SSRF) - Full Analysis

2026-05-06 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views