GHSA-C4QG-J8JG-42Q5: Server-Side Request Forgery in OpenClaw QQBot Extension
Source: Dev.to
Overview
- Vulnerability ID: GHSA-C4QG-J8JG-42Q5
- CWE ID: CWE-918 (Server-Side Request Forgery)
- CVSS Score: Low
- Published: 2026-04-25
- Attack Vector: Network
- Impact: Information disclosure / internal scanning
- Exploit Status: Proof of concept
The OpenClaw platform’s QQBot extension fails to validate external media URLs before forwarding them to the QQ Open Platform API. An attacker can craft a request that causes the upstream QQ API to perform HTTP requests to arbitrary destinations, including internal services and cloud metadata endpoints.
Affected Component
- OpenClaw QQBot Extension (versions < 2026.4.20)
Fix
- Version: Fixed in 2026.4.20 (commit 49db424c8001f2f419aad85f434894d8d85c1a09)
- Key changes:
- Enforced strict URL validation and hostname policy checks.
- Whitelisted only HTTPS protocol.
- Added DNS resolution policies that block internal IP ranges (RFC 1918) and cloud metadata endpoints.
- Recommended Web Application Firewall (WAF) rules for interim protection.
Remediation Steps
- Identify deployments using the vulnerable `openclaw` package.
- Update the dependency in `package.json` to version `2026.4.20` or later:

```bash
# Using npm
npm install openclaw@2026.4.20
# Or using Yarn
yarn add openclaw@2026.4.20
```

- Verify configuration: ensure that `resolvePinnedHostnameWithPolicy` blocks RFC 1918 addresses and IMDS endpoints.
- Restart OpenClaw services to load the updated module.
- (Optional) Apply WAF rules to block outbound requests to internal IP ranges until the patch is deployed.
References
- GitHub Advisory: GHSA-C4QG-J8JG-42Q5
- Fix Commit: 49db424c8001f2f419aad85f434894d8d85c1a09
For a full analysis, including interactive diagrams and detailed exploit steps, refer to the official security advisory on the OpenClaw website.