← volver
CVE-2026-33576

OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

CVSS 6.9 MEDIUMEPSS 0.4%CWE-863
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312ahttps://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358jhttps://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel