Description
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`. Upgrade to OpenClaw `2026.2.14` or newer to receive a fix. The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.
Published: 2026-02-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local File Disclosure
Action: Apply Patch
AI Analysis

Impact

OpenClaw, a personal AI assistant, contains a flaw in its Feishu extension: the sendMediaFeishu function treats attacker-provided mediaUrl values as direct local filesystem paths. This allows arbitrary local files, such as /etc/passwd, to be read, exposing sensitive data. The weakness is a path traversal (CWE-22) that compromises confidentiality.

Affected Systems

The vulnerability affects all versions of OpenClaw released before 2026.2.14. Users running these older releases with the Feishu extension enabled are susceptible to exploitation.

Risk and Exploitability

The CVSS score is 7.5, indicating high severity. EPSS is below 1%, suggesting a low short-term exploitation probability, and the vulnerability is not listed in the KEV catalog. Exploitation most likely requires influencing tool calls made through the Feishu extension, for example via prompt injection or direct manipulation of tool inputs. No remote exploitation mechanism is described beyond controlling the mediaUrl parameter.

Generated by OpenCVE AI on April 18, 2026 at 17:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or newer, which removes direct local file reads from sendMediaFeishu and enforces local-root restrictions.
  • If an upgrade cannot be performed immediately, disable or restrict the Feishu extension or block sendMediaFeishu calls until the patch is applied.
  • Restrict the file system permissions for the Feishu extension process to a safe directory, ensuring that even if sendMediaFeishu receives a file path, only paths within the allowed directory can be accessed.

Generated by OpenCVE AI on April 18, 2026 at 17:53 UTC.


Advisories
Source: Github GHSA
ID: GHSA-8jpq-5h99-ff5r
Title: OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
History

Fri, 20 Feb 2026 19:15:00 +0000

CPEs (values added): cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Fri, 20 Feb 2026 17:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 10:15:00 +0000

First Time appeared (values added): Openclaw; Openclaw openclaw
Vendors & Products (values added): Openclaw; Openclaw openclaw

Thu, 19 Feb 2026 22:45:00 +0000

Description (values added): OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`. Upgrade to OpenClaw `2026.2.14` or newer to receive a fix. The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.
Title (values added): OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
Weaknesses (values added): CWE-22
References (values added):
Metrics (values added): cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T15:40:52.658Z

Reserved: 2026-02-13T16:27:51.808Z

Link: CVE-2026-26321

Vulnrichment

Updated: 2026-02-20T15:32:00.504Z

NVD

Status : Analyzed

Published: 2026-02-19T23:16:25.180

Modified: 2026-02-20T19:12:08.257

Link: CVE-2026-26321

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses