CVE-2026-44116 - OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation
CVE ID :CVE-2026-44116 Published : May 6, 2026, 8:16 p.m. | 38 minutes ago Description :OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
- [CYBER] Quacc++: Automated Open Source Vulnerability Discovery
- [CYBER] The "Logic Span": Using OpenTelemetry to Trace Hallucinations
- [CYBER] Hackers abuse Google ads for GoDaddy ManageWP login phishing
- [CYBER] DOJ says ransomware gang tapped into Russian government databases
- [CYBER] DAEMON Tools devs confirm breach, release malware-free version