OpenClaw Server-Side Request Forgery Vulnerability in QQBot Direct Media Upload
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.4.20. It lies in the QQBot direct media upload feature, whose direct-upload path skips the URL validation that normally guards outbound media fetches. An attacker can send crafted image URLs to the uploadC2CMedia and uploadGroupMedia endpoints, bypass the SSRF protections, and have the server relay requests to unintended hosts. The issue is limited to outbound media handling and does not expose arbitrary local files.
Impact
Exploitation of this vulnerability could lead to unauthorized requests being made on behalf of the server, potentially accessing internal resources or services that are not normally exposed.
Reproduction
The vulnerability can be reproduced by sending a request to the uploadC2CMedia or uploadGroupMedia endpoint with a crafted image URL pointing at a private or internal host. Because the direct-upload media path skips URL validation, the request passes the SSRF check and the server relays the fetch to that host.
Remediation
Users can update to OpenClaw version 2026.4.20 or later, where this vulnerability has been patched.
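As an added example (not OpenClaw's own code; the `Resolver` type, the function names and the sample hosts are hypothetical), the kind of guard a media-upload path needs before fetching a user-supplied image URL. The advisory's root cause is this check being skipped on the direct-upload path, so the guard is meant to run on every upload entry point, with the fetcher connecting to the address it returns rather than re-resolving the name.

```typescript
import * as net from "node:net";

// Hypothetical resolver signature: production code would wrap
// dns.promises.lookup(host, { all: true }); injecting it keeps the check offline.
export type Resolver = (host: string) => string[];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}

// Ranges a media fetcher must never reach: RFC 1918, loopback, link-local
// (169.254.0.0/16 also covers cloud metadata endpoints), "this host", CGNAT.
const BLOCKED_V4: Array<[string, number]> = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["0.0.0.0", 8], ["100.64.0.0", 10],
];

export function isBlockedAddress(ip: string): boolean {
  if (net.isIPv4(ip)) {
    const n = ipv4ToInt(ip);
    return BLOCKED_V4.some(([base, bits]) =>
      (n >>> (32 - bits)) === (ipv4ToInt(base) >>> (32 - bits)));
  }
  if (net.isIPv6(ip)) {
    const v6 = ip.toLowerCase();
    if (v6 === "::1" || v6 === "::" || /^(fe80|fc|fd)/.test(v6)) return true;
    // IPv4-mapped address (::ffff:7f00:1 is how the URL parser serialises
    // ::ffff:127.0.0.1): unwrap it and apply the IPv4 rules.
    const mapped = v6.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
    if (!mapped) return false;
    const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
    return isBlockedAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return true; // not an IP literal at all: refuse rather than guess
}

// Validates a user-supplied media URL and returns the one address the fetcher
// must connect to (sending Host: url.hostname). Every resolved record is
// checked, not just the first, so a DNS answer mixing public and private
// addresses is rejected; redirects must be re-validated through this function.
export function validateMediaUrl(raw: string, resolve: Resolver): string {
  const url = new URL(raw); // WHATWG parsing normalises 0x7f000001 etc. to dotted form
  if (url.protocol !== "https:" && url.protocol !== "http:") throw new Error("scheme not allowed");
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  const addrs = net.isIP(host) ? [host] : resolve(host);
  if (addrs.length === 0) throw new Error("unresolvable host");
  for (const a of addrs) {
    if (isBlockedAddress(a)) throw new Error(`blocked address ${a}`);
  }
  return addrs[0];
}
```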