Description
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the Feishu extension of OpenClaw and allows attackers to direct the server to fetch arbitrary remote URLs via the sendMediaFeishu function or the markdown image handling. By doing so, an attacker can retrieve content from internal services that are reachable only from the server's network position, have that content uploaded back as Feishu media where it can be read, or manipulate tool calls or prompts to trigger further requests. The result is potential exposure of internal network resources and data, and the ability to make requests that originate from the application server.

Affected Systems

OpenClaw products, specifically any installation running a version before 2026.2.14. The affected code resides in the Feishu extension media fetching functionality and in markdown image processing. Users of the OpenClaw application that rely on the Feishu integration are exposed to this flaw.

Risk and Exploitability

The CVSS v4.0 base score of 6.3 rates this as medium severity. The vector (AV:N/AC:L/AT:P/PR:N/UI:N) describes a network-reachable flaw that needs no privileges or user interaction but does carry an attack requirement (AT:P): the attacker must get a URL in front of the agent, either by invoking the Feishu media tool directly or by planting it in content the agent processes (prompt injection). The EPSS score of less than 1% suggests the probability of exploitation is very low at present, and the vulnerability is not listed in CISA's KEV catalog. Once the URL reaches sendMediaFeishu or the markdown image handler, the server fetches it without SSRF protections, so the request can target loopback, private or link-local addresses (internal services such as cloud metadata endpoints), and the response can be re-uploaded as Feishu media, which turns a blind SSRF into one whose output the attacker can read.

Generated by OpenCVE AI on April 16, 2026 at 12:04 UTC.

Remediation

The OpenCVE remediation field lists no vendor fix or workaround, but the CVE description and the linked GHSA identify 2026.2.14 as the first unaffected version, so upgrading is the fix.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or later, the first version in which the Feishu extension's media fetching is no longer affected.
  • If an upgrade is not immediately possible, disable the Feishu extension (sendMediaFeishu is a function inside it, not a separately exposed endpoint) so the agent has no path to fetch remote URLs on an attacker's behalf, and treat any untrusted content the agent reads as a prompt-injection channel.
  • Add network controls (an egress firewall or proxy) that deny the application access to loopback, RFC 1918, link-local 169.254.0.0/16 (cloud metadata) and other internal ranges, and log outbound requests so unexpected destinations are visible. A hostname allow-list alone is not enough: the check must apply to the resolved address and to every redirect hop.



Advisories
Source: GitHub GHSA
ID: GHSA-x22m-j5qq-j49m
Title: OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
History

Mon, 09 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-918
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-918

Fri, 06 Mar 2026 16:45:00 +0000

Type: Metrics (cvssV3_1)
Values Removed: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
Values Added: {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


Thu, 05 Mar 2026 22:15:00 +0000

Type: Values Added (first appearance of the CVE)
Description: OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media.
Title: OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching
First Time appeared: Openclaw, Openclaw openclaw
Weaknesses: CWE-918
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw, Openclaw openclaw
References:
Metrics:
  cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
  cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T16:53:07.636Z

Reserved: 2026-02-27T19:17:03.738Z

Link: CVE-2026-28451

Vulnrichment

Updated: 2026-03-09T16:52:42.997Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:17.210

Modified: 2026-03-11T16:15:12.877

Link: CVE-2026-28451

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses