
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model

GHSA-7qf6-h84j-8fq4

What to do
  • Update openclaw to version 2026.2.26.
Affected software
Vendor: –
Product: openclaw
Affected versions: <= 2026.2.25
Fix available: 2026.2.26
Original title
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Original description
## Impact
Microsoft Teams media handling used mixed fetch paths for Graph metadata/content and attachment auth-retry flows. Some paths bypassed the shared SSRF guard model and created inconsistent host/DNS enforcement across redirect/fetch hops.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published vulnerable version: `2026.2.25`
- Affected range: `<= 2026.2.25`
- Planned patched version for next release: `2026.2.26`

## Technical Details
The Microsoft Teams attachment/media code previously relied on plugin-local fetch behavior in parts of the flow instead of uniformly using the shared guarded fetch logic (pinned DNS plus policy checks). As a result, the allowlist, DNS-pinning and redirect checks applied on one path could differ from those applied on another, so policy could drift and the SSRF boundary was not consistent between channel and plugin paths.

The fix unifies this path by:
- routing Microsoft Teams Graph message/hosted-content/attachment fetches through shared SSRF-guarded fetch paths,
- routing auth-scope fallback attachment downloads through the same guarded policy model,
- centralizing hostname-suffix allowlist policy helpers in `plugin-sdk` so channel/plugins use the same allowlist normalization and policy construction behavior.

## Fix Commit(s)
- `57334cd7d85174d5f951de01114fd5801b063564`

OpenClaw thanks @tdjackey for reporting.
Source: GHSA · CVSS 4.0 score: 2.3
Vulnerability type
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-918 Server-Side Request Forgery (SSRF)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026