OpenClaw Zalo Plugin SSRF Vulnerability (CVE-2026-44116) Poses High Risk
The National Vulnerability Database has detailed CVE-2026-44116, a high-severity Server-Side Request Forgery (SSRF) vulnerability impacting OpenClaw before version 2026.4.22. Specifically, the Zalo plugin’s sendPhoto function lacks proper validation for outbound photo URLs, allowing attackers to bypass the SSRF guard.
This flaw enables attackers to inject malicious URLs into the Zalo Bot API. By doing so, they can force the application to make requests to internal network resources that should otherwise be inaccessible. The CVSSv3.1 score of 8.6 (HIGH) reflects the critical nature of this vulnerability, highlighting the potential for unauthorized access to sensitive internal systems.
Attackers can leverage this SSRF to scan internal networks, access metadata services, or even interact with internal APIs. The lack of input validation on the photo URL is a fundamental security oversight, giving attackers a direct vector to pivot from an external-facing application to the internal infrastructure.
What This Means For You
- If your organization uses OpenClaw with the Zalo plugin, you must prioritize patching to version 2026.4.22 or later immediately. An unpatched system is an open door for attackers to map and potentially exploit your internal network resources via SSRF. Don't assume your perimeter defenses are enough; this attack originates from within the application layer.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-44116 - OpenClaw Zalo Plugin SSRF Attempt
title: CVE-2026-44116 - OpenClaw Zalo Plugin SSRF Attempt
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit the OpenClaw Zalo plugin's sendPhoto function by looking for requests to the specific '/zalo/sendPhoto' endpoint with a 'photoUrl=' parameter, indicating a potential SSRF attempt to access internal resources.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-44116/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/zalo/sendPhoto'
cs-uri-query|contains:
- 'photoUrl='
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44116 | SSRF | OpenClaw |
| CVE-2026-44116 | SSRF | OpenClaw versions before 2026.4.22 |
| CVE-2026-44116 | SSRF | Zalo plugin's sendPhoto function |
| CVE-2026-44116 | SSRF | Bypass of SSRF protection via malicious photo URLs to Zalo Bot API |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to...
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure...
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`....