← voltar
CVE-2026-33576

OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

CVSS 6.9 MEDIUMEPSS 0.4%CWE-863
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312ahttps://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358jhttps://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel