
OpenClaw MSTeams Attachment Redirect Bypass on Allowlisted Hosts

GHSA-w76h-8m22-hpgh
Summary

OpenClaw's MSTeams attachment handling has a flaw that could allow attackers to redirect users to unauthorized websites, potentially exposing users to security risks. This issue affects OpenClaw versions prior to 2026.2.22. To stay secure, update to the latest version of OpenClaw as soon as it's available.

What to do
  • Update openclaw to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.22 | 2026.2.22 |
Original title
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
Original description
## Summary
In OpenClaw MSTeams media download flows, redirect handling could bypass configured `mediaAllowHosts` checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.21-2` (latest published at triage time)
- Fixed in: `2026.2.22` (planned next release)

## Impact
Attackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.
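
The control the advisory describes is that every hop of a redirect chain, not only the first URL, must be checked against `mediaAllowHosts` before fetched content is accepted. The following is an added illustration, not OpenClaw's code: function names, the allowlist contents and the stub URLs are constructed, and the fetch function is injected so the example runs offline.

```javascript
// Added example, not OpenClaw's code: a media fetch that re-checks every
// redirect hop against the configured host allowlist before any body is used.
// Names, the allowlist contents and the stub URLs below are all constructed.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
const MAX_REDIRECTS = 5;

// True only for https URLs whose hostname is an allowlisted host or a subdomain
// of one (a bare suffix match would accept "sharepoint.com.evil.example").
function hostAllowed(urlString, allowHosts) {
  let url;
  try { url = new URL(urlString); } catch { return false; }
  if (url.protocol !== 'https:') return false;
  const host = url.hostname.toLowerCase();
  return allowHosts.some((h) => host === h.toLowerCase() || host.endsWith('.' + h.toLowerCase()));
}

// Follows redirects manually so the runtime cannot silently hop to a host that
// was never checked. Resolves to the final URL and response, or rejects.
async function fetchWithinAllowlist(startUrl, allowHosts, fetchImpl = fetch) {
  let current = startUrl;
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    if (!hostAllowed(current, allowHosts)) {
      throw new Error(`blocked: ${current} is not an allowlisted media host`);
    }
    const res = await fetchImpl(current, { redirect: 'manual' });
    if (!REDIRECT_STATUSES.has(res.status)) return { finalUrl: current, response: res };
    const location = res.headers.get('location');
    if (!location) throw new Error(`redirect from ${current} without Location`);
    current = new URL(location, current).toString(); // a relative Location is legal
  }
  throw new Error('too many redirects');
}

// Offline stand-in for fetch: maps a URL to a canned status and Location header.
function makeStubFetch(table) {
  return async (url) => {
    const entry = table[url] ?? { status: 404 };
    const headers = new Headers(entry.location ? { location: entry.location } : {});
    return { status: entry.status, headers, url };
  };
}

// Constructed scenario: both chains start on an allowlisted host; the first
// redirects off-allowlist and must be rejected, the second stays within it.
const MEDIA_ALLOW_HOSTS = ['sharepoint.com', 'teams.microsoft.com'];
const stubFetch = makeStubFetch({
  'https://files.sharepoint.com/a.png': { status: 302, location: 'https://not-allowlisted.example/a.png' },
  'https://files.sharepoint.com/b.png': { status: 301, location: '/moved/b.png' },
  'https://files.sharepoint.com/moved/b.png': { status: 200 },
});
```

Calling `fetchWithinAllowlist('https://files.sharepoint.com/a.png', MEDIA_ALLOW_HOSTS, stubFetch)` rejects at the second hop, while the `b.png` chain resolves to the moved URL on the same host.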

## Fix Commit(s)
- `73d93dee64127a26f1acd09d0403b794cdeb4f5c`
- `b34097f62df9d1960cc22600269cd3f3284e2124`

## Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.22`). Once that npm release is published, this advisory can be published without further version-field edits.

OpenClaw thanks @tdjackey for reporting.
Source: GHSA · CVSS 4.0 score: 8.7
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026