Primary

Context

OpenClaw Unauthorized Media Download Vulnerability via Zalo Channel

Vulnerability

A vulnerability in OpenClaw versions prior to 2026.3.28 allows unauthorized senders to manipulate media downloads from Zalo channels. The application fetches and stores inbound media before verifying sender authorization, enabling unauthorized messages to trigger network requests and disk writes to the media store, even if the messages are later rejected.

Impact

Exploitation of this vulnerability could lead to unauthorized media downloads, causing potential privacy concerns or misuse of stored media.

Remediation

Users can upgrade to OpenClaw version 2026.3.28 or later, where this vulnerability has been patched.

Added: Mar 31, 2026, 3:30 PM

Updated: Mar 31, 2026, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.7

remediation

0.0

relevance

5.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.7

remediation

0.0

relevance

5.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenClaw Unauthorized Media Download Vulnerability via Zalo Channel

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating