OpenClaw: Feishu Extension Can Fetch Sensitive Internal Data
CVE-2026-28451
GHSA-x22m-j5qq-j49m
Summary
A security issue in the OpenClaw Feishu extension could allow an attacker to access and potentially steal sensitive internal data by tricking the extension into making unauthorized requests. To fix this, update OpenClaw to version 2026.2.14 or newer.
What to do
- Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
Original description
### Summary
The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections:
- `sendMediaFeishu(mediaUrl)`
- Feishu DocX markdown image URLs (write/append -> image processing)
### Affected versions
- `< 2026.2.14`
### Patched versions
- `>= 2026.2.14`
### Impact
If an attacker can influence tool calls (directly or via prompt injection), they may be able to trigger requests to internal services and re-upload the response as Feishu media.
### Remediation
Upgrade to OpenClaw `2026.2.14` or newer.
### Notes
The fix routes Feishu remote media fetching through hardened runtime helpers that enforce SSRF policies and size limits.
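The advisory only states that the fix routes media fetches through helpers enforcing SSRF policy and size limits. The following is an added illustration of what such a guard looks like for both paths named above (the `sendMediaFeishu` URL and image URLs lifted from DocX markdown); it is not OpenClaw's own code, and the function names, `Verdict` type and the caller-resolves-DNS convention are assumptions.

```typescript
// Added example (not OpenClaw's own code): an SSRF guard for remote media
// fetches, of the kind the advisory's fix describes. Names are assumptions.

// Decide on the *resolved* addresses, not the hostname, so DNS tricks and
// split-horizon names are caught; the caller resolves the host (e.g. with
// dns.lookup(host, { all: true })) and passes every address it got back.
function isBlockedIPv4(ip: string): boolean {
  const p = ip.split(".");
  if (p.length !== 4 || !p.every((s) => /^\d{1,3}$/.test(s) && Number(s) <= 255)) return true; // fail closed
  const [a, b] = p.map(Number);
  return a === 0 || a === 10 || a === 127 ||      // this-net, private, loopback
    (a === 169 && b === 254) ||                   // link-local, incl. cloud metadata
    (a === 172 && b >= 16 && b <= 31) ||          // 172.16/12 private
    (a === 192 && b === 168) ||                   // 192.168/16 private
    (a === 100 && b >= 64 && b <= 127) ||         // CGNAT
    a >= 224;                                     // multicast / reserved
}

function isBlockedIPv6(ip: string): boolean {
  const s = ip.toLowerCase();
  if (s.startsWith("::ffff:")) return isBlockedIPv4(s.slice(7)); // IPv4-mapped form
  return s === "::" || s === "::1" || /^f[cd]/.test(s) || s.startsWith("fe80");
}

interface Verdict { ok: boolean; reason?: string }

// Policy applied to any URL the extension would fetch: the mediaUrl passed to
// sendMediaFeishu or an image URL extracted from DocX markdown.
function checkMediaUrl(rawUrl: string, resolvedAddrs: string[]): Verdict {
  let u: URL;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (u.protocol !== "https:" && u.protocol !== "http:") return { ok: false, reason: `scheme ${u.protocol} not allowed` };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  if (resolvedAddrs.length === 0) return { ok: false, reason: "host did not resolve" };
  for (const a of resolvedAddrs) {
    if (a.includes(":") ? isBlockedIPv6(a) : isBlockedIPv4(a)) return { ok: false, reason: `non-public address ${a}` };
  }
  return { ok: true };
}

// Enforce the size limit while streaming, never from Content-Length alone;
// the same loop works over the chunks of a fetch() response body.
function readBounded(chunks: Iterable<Uint8Array>, maxBytes: number): Uint8Array {
  const parts: Uint8Array[] = [];
  let total = 0;
  for (const c of chunks) {
    total += c.length;
    if (total > maxBytes) throw new Error(`media exceeds ${maxBytes} bytes`);
    parts.push(c);
  }
  const buf = new Uint8Array(total);
  let off = 0;
  for (const c of parts) { buf.set(c, off); off += c.length; }
  return buf;
}
```

A host that resolves to a mix of public and private addresses is rejected outright, since a fetch could land on either.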
nvd CVSS3.1
8.3
nvd CVSS4.0
6.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
References
- https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b87...
- https://github.com/openclaw/openclaw/pull/16285
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14
- https://github.com/advisories/GHSA-x22m-j5qq-j49m
- https://github.com/openclaw/openclaw/security/advisories/GHSA-x22m-j5qq-j49m
- https://www.vulncheck.com/advisories/openclaw-ssrf-via-feishu-extension-media-fe...
- https://nvd.nist.gov/vuln/detail/CVE-2026-28451
Published: 18 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026