GHSA-8JPQ-5H99-FF5R
Vulnerability from github – Published: 2026-02-17 21:41 – Updated: 2026-02-17 21:41
Summary
OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
Details
Summary
The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly.
Affected versions
< 2026.2.14
Patched versions
>= 2026.2.14
Impact
If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as /etc/passwd as mediaUrl.
Remediation
Upgrade to OpenClaw 2026.2.14 or newer.
Notes
The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.
Fix commit 5b4121d60 confirmed on main and in v2026.2.14. Upgrade to openclaw >= 2026.2.14.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26321"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-17T21:41:52Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nThe Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly.\n\n### Affected versions\n- `\u003c 2026.2.14`\n\n### Patched versions\n- `\u003e= 2026.2.14`\n\n### Impact\nIf an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`.\n\n### Remediation\nUpgrade to OpenClaw `2026.2.14` or newer.\n\n### Notes\nThe fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.\n\n---\n\nFix commit 5b4121d60 confirmed on main and in v2026.2.14. Upgrade to `openclaw \u003e= 2026.2.14`.",
"id": "GHSA-8jpq-5h99-ff5r",
"modified": "2026-02-17T21:41:52Z",
"published": "2026-02-17T21:41:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8jpq-5h99-ff5r"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.