CVE-2026-44116
Status: Analyzed (Analysis Complete)
OpenClaw Zalo Plugin SSRF Bypass via Malicious Photo URLs

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.
Meta Information
Published: 2026-05-06
Last Modified: 2026-05-07
Generated: 2026-05-27
AI Q&A: 2026-05-07
EPSS Evaluated: 2026-05-25
References: NVD, EUVD
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.4.22 (excluding)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in OpenClaw versions before 2026.4.22 within the Zalo plugin's sendPhoto function. It is a server-side request forgery (SSRF) flaw where the function fails to properly validate outbound photo URLs through its SSRF protection mechanism. As a result, attackers can bypass the SSRF guard by supplying malicious photo URLs to the Zalo Bot API.

This allows attackers to make unauthorized requests from the server to internal resources that would normally be inaccessible, potentially exposing sensitive internal systems.


How can this vulnerability impact me?

The impact of this vulnerability is that an attacker can exploit the SSRF flaw to gain unauthorized access to internal resources behind the server running the vulnerable OpenClaw Zalo plugin.

This unauthorized access could lead to information disclosure or further attacks on internal systems that are not normally exposed to the internet.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the OpenClaw Zalo plugin's sendPhoto function allowing SSRF attacks by accepting malicious outbound photo URLs. Detection can focus on monitoring outbound HTTP(S) requests made by the OpenClaw application, especially those targeting the Zalo Bot API with unusual or internal network IP addresses.

You can detect potential exploitation by inspecting logs or network traffic for outbound requests to internal or private IP ranges originating from the OpenClaw server.

  • Use network monitoring tools like tcpdump or Wireshark to capture outbound HTTP(S) requests from the OpenClaw server.
  • Example tcpdump command to capture HTTP traffic: sudo tcpdump -i <interface> 'tcp port 80 or tcp port 443' -w openclaw_traffic.pcap
  • Analyze logs or captured traffic for requests to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or non-standard URLs sent to the Zalo Bot API.
  • If OpenClaw logs outbound URLs or API calls, review those logs for suspicious or unexpected photo URLs.

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update OpenClaw to version 2026.4.22 or later, where the vulnerability has been fixed by adding proper SSRF validation in the sendPhoto function.

This update ensures that outbound photo URLs are validated against a strict SSRF hostname policy, blocking requests to private, internal, or special-use IP addresses and non-HTTP(S) URLs.

  • Upgrade the OpenClaw npm package to version 2026.4.22 or newer.
  • Review and restrict network access controls to limit outbound HTTP(S) requests from the OpenClaw server to only trusted destinations.
  • Monitor logs and network traffic for suspicious outbound requests as a temporary detection measure until the patch is applied.
