CVE-2026-44116: OpenClaw validates Zalo outbound photo URLs through the SSRF guard
Zalo outbound photo URLs are validated through the SSRF guard.
References
- github.com/advisories/GHSA-2hh7-c75g-qj2r
- github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f
- github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r
- nvd.nist.gov/vuln/detail/CVE-2026-44116
- www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation