
Description

OpenClaw versions prior to 2026.2.14 contain server-side request forgery (SSRF) vulnerabilities in the Feishu extension. Both the sendMediaFeishu function and the extension's markdown image processing fetch attacker-controlled remote URLs without SSRF protections. An attacker who can influence tool calls, either directly or through prompt injection, can make the agent issue requests to internal services and re-upload the responses as Feishu media.
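The control the description says was missing is a destination check before the outbound fetch. The block below is an added illustration of such a guard, written for this page; it is not OpenClaw's code or its patch. It assumes a hypothetical synchronous `resolve` callback in place of DNS lookup so it runs offline, a constructed lookup table (`FAKE_DNS`) with example names, and constructed model output (`SAMPLE_MARKDOWN`); the public-range logic it applies is general, not specific to Feishu.

```typescript
// Added example (not OpenClaw's code): an SSRF guard for outbound media fetches.
// `resolve` is a hypothetical stand-in for dns.lookup() so the example runs offline.

type Resolver = (hostname: string) => string[];

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the four octets of a dotted-quad literal, or null if `host` is not one.
function parseIPv4(host: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Lower-cases, strips the [] around an IPv6 literal and unwraps IPv4-mapped
// addresses in both the dotted (::ffff:1.2.3.4) and hex (::ffff:102:304) spellings.
function normalizeHost(host: string): string {
  let h = host.toLowerCase();
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1);
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h);
  if (dotted) return dotted[1];
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    return `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
  }
  return h;
}

// True for addresses an agent must never fetch on a user's behalf: 0.0.0.0/8,
// loopback, RFC 1918 and RFC 6598 ranges, link-local (which includes the
// 169.254.169.254 cloud metadata endpoint), multicast/reserved, and IPv6 equivalents.
export function isBlockedAddress(addr: string): boolean {
  const h = normalizeHost(addr);
  const v4 = parseIPv4(h);
  if (v4) {
    const [a, b] = v4;
    return (
      a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) ||
      (a === 100 && b >= 64 && b <= 127) ||
      a >= 224
    );
  }
  if (h === "::1" || h === "::") return true;      // loopback, unspecified
  if (/^f[cd][0-9a-f]{2}:/.test(h)) return true;    // fc00::/7 unique-local
  if (/^fe[89ab][0-9a-f]:/.test(h)) return true;    // fe80::/10 link-local
  return false;
}

export interface Verdict { ok: boolean; reason: string; }

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch (e) { return null; }
}

// Validates a URL that an LLM tool call or a markdown image tag asked the bot to fetch.
// WHATWG URL parsing canonicalises http://0x7f000001/ and http://2130706433/ to
// 127.0.0.1, so the literal check sees the real address.
export function checkMediaUrl(raw: string, resolve: Resolver): Verdict {
  const url = parseUrl(raw);
  if (!url) return { ok: false, reason: "unparseable URL" };
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded in URL" };
  }
  const host = normalizeHost(url.hostname);
  if (host === "localhost" || host.endsWith(".localhost") || isBlockedAddress(host)) {
    return { ok: false, reason: `${host} is an internal address` };
  }
  const isLiteral = parseIPv4(host) !== null || host.includes(":");
  if (!isLiteral) {
    // A name is only safe if *every* address it resolves to is public; an
    // attacker-controlled name may answer with one public and one internal record.
    const addrs = resolve(host);
    if (addrs.length === 0) return { ok: false, reason: `${host} did not resolve` };
    const bad = addrs.find((a) => isBlockedAddress(a));
    if (bad) return { ok: false, reason: `${host} resolves to internal ${bad}` };
  }
  return { ok: true, reason: "public http(s) target" };
}

// Collects the URL of every ![alt](url "title") image in model output so each
// can be vetted before any fetch is attempted.
export function extractImageUrls(markdown: string): string[] {
  const out: string[] = [];
  const re = /!\[[^\]]*\]\(\s*([^\s)]+)(?:\s+"[^"]*")?\s*\)/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(markdown)) !== null) out.push(m[1]);
  return out;
}

// Constructed DNS table for the offline demo; example names, not real records.
const FAKE_DNS: Record<string, string[]> = {
  "cdn.example.com": ["203.0.113.10"],
  "metadata.internal.example": ["169.254.169.254"],
  "rebind.example.net": ["203.0.113.20", "10.0.0.5"],
};
export const fakeResolve: Resolver = (h) => FAKE_DNS[h] || [];

// Constructed model output mixing a benign image with an SSRF attempt.
export const SAMPLE_MARKDOWN =
  "Chart: ![chart](https://cdn.example.com/chart.png) " +
  "and ![x](http://169.254.169.254/latest/meta-data/ \"meta\")";

export function vetSample(): Verdict[] {
  return extractImageUrls(SAMPLE_MARKDOWN).map((u) => checkMediaUrl(u, fakeResolve));
}
```

Two caveats a practitioner would add around this check: perform the fetch with redirects disabled (`redirect: "manual"`) and re-run `checkMediaUrl` on every `Location` hop, since a public host can 302 to an internal one; and connect to the address that was vetted rather than letting the HTTP client resolve the name a second time, otherwise a short-TTL DNS rebind defeats the check. Capping response size and content type before re-uploading anything as Feishu media limits what an SSRF that slips through can exfiltrate.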

Status: Published | Reserved 2026-02-27 | Published 2026-03-05 | Updated 2026-03-06 | Assigner: VulnCheck

Severity

MEDIUM 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L)

HIGH 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Problem types

Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

Any version before 2026.2.14
affected

Credits

Peng Zhou (@zpbrent) reporter

References

github.com/...enclaw/security/advisories/GHSA-x22m-j5qq-j49m (GitHub Security Advisory (GHSA-x22m-j5qq-j49m)) vendor-advisory

github.com/...ommit/5b4121d6011a48c71e747e3c18197f180b872c5d (Patch Commit) patch

www.vulncheck.com/...srf-via-feishu-extension-media-fetching (VulnCheck Advisory: OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching) third-party-advisory

cve.org (CVE-2026-28451)

nvd.nist.gov (CVE-2026-28451)
