Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-62216— OpenClaw 2026.4.20 < 2026.5.28 Policy Bypass via Media Upload

CVSS 5.0 · Medium
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-62216

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenClaw 2026.4.20 < 2026.5.28 Policy Bypass via Media Upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy (server-side request forgery). The practical impact depends on the operator's configuration and whether lower-trust input can reach that path.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenClawOpenClaw 2026.4.20 ~ 2026.5.28 -

II. Public POCs for CVE-2026-62216

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-62216

登录查看更多情报信息。

Vendor Advisories for CVE-2026-62216 (2)

Same Patch Batch · OpenClaw · 2026-07-17 · 28 CVEs total

CVE-2026-622298.8 HIGHOpenClaw < 2026.5.18 Authorization Bypass via Glob Matching
CVE-2026-622038.8 HIGHOpenClaw < 2026.6.6 Environment Variable Injection via rustup
CVE-2026-622028.8 HIGHOpenClaw 2026.6.1 < 2026.6.9 Privilege Escalation via Cron
CVE-2026-622078.8 HIGHOpenClaw < 2026.6.5 Authentication Bypass via Admin Tools
CVE-2026-622238.8 HIGHOpenClaw < 2026.5.18 Authorization Bypass via Device-pair
CVE-2026-622288.8 HIGHOpenClaw < 2026.6.5 Authorization Bypass via Node Exec Approvals
CVE-2026-622178.8 HIGHOpenClaw 2026.5.14-beta.1 < 2026.5.27 Authentication Bypass via exec approvals
CVE-2026-622188.8 HIGHOpenClaw 2026.1.20 < 2026.5.27 Authorization Bypass via device.pair.approve
CVE-2026-622268.5 HIGHOpenClaw 2026.3.28 < 2026.5.19 Authorization Bypass via Browser Act Route
CVE-2026-622098.1 HIGHOpenClaw 2026.5.10-beta.1 < 2026.6.5 Authorization Bypass via agent-mode dispatch
CVE-2026-622158.0 HIGHOpenClaw < 2026.6.5 Authentication Bypass via HTTP Canvas
CVE-2026-622227.8 HIGHOpenClaw < 2026.5.22 Untrusted Plugin Loading via Setup-mode
CVE-2026-622277.7 HIGHOpenClaw 2026.4.14 < 2026.5.26 SSRF via Browser Snapshot
CVE-2026-622017.7 HIGHOpenClaw < 2026.6.6 Network Policy Bypass via exec-server
CVE-2026-622197.1 HIGHOpenClaw 2026.2.12 < 2026.5.26 Authorization Bypass via Blank Agent IDs
CVE-2026-622127.1 HIGHOpenClaw < 2026.5.28 Authentication Bypass via safeFetch
CVE-2026-622067.1 HIGHOpenClaw < 2026.6.9 Authentication Bypass via Moderation Actions
CVE-2026-622057.1 HIGHOpenClaw 2026.4.12-beta.1 < 2026.6.6 Authorization Bypass via message actions
CVE-2026-622146.5 MEDIUMOpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation
CVE-2026-622136.5 MEDIUMOpenClaw < 2026.5.27 Token Leakage via MS Teams Outbound Requests

Showing top 20 of 28 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-62216

No comments yet


Leave a comment