
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated direct…

Published:

17 March 2026 at 23:00:00

Alert date:

18 March 2026 at 15:08:05

Source:

nvd.nist.gov


Web Technologies, Enterprise Applications

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow. The vulnerability exists in extensions/feishu/src/media.ts where untrusted media keys are directly interpolated into temporary file paths. An attacker who can control Feishu media key values can use directory traversal segments to escape the temporary directory and write arbitrary files within the OpenClaw process permissions. This allows unauthorized file system access and potential system compromise.
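
The pattern described above, next to a hardened form, as an added example that is not OpenClaw's code or its actual patch. The temp root `/tmp/openclaw-media`, the function names, the allowed key character set and the sample keys are all assumptions made for illustration.

```typescript
import { posix as path } from "node:path";

// Assumed temp root for illustration; the advisory does not give OpenClaw's real directory.
const TMP_ROOT = "/tmp/openclaw-media";

// Pattern the advisory describes: the untrusted key goes into the path unchanged.
function unsafeTempPath(mediaKey: string): string {
  return path.join(TMP_ROOT, mediaKey);
}

// True only when candidate is a strict descendant of root after normalization.
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return rel !== "" && rel !== ".." && !rel.startsWith("../") && !path.isAbsolute(rel);
}

// Hardened form: allow-list the key (assumed character set), then verify containment.
function safeTempPath(mediaKey: string): string {
  if (!/^[A-Za-z0-9_-]{1,128}$/.test(mediaKey)) {
    throw new Error("invalid media key");
  }
  const candidate = path.resolve(TMP_ROOT, mediaKey);
  if (!isInside(TMP_ROOT, candidate)) {
    throw new Error("path escapes temp directory");
  }
  return candidate;
}

// Returns the safe path, or null when the key is rejected.
function tryKey(mediaKey: string): string | null {
  try {
    return safeTempPath(mediaKey);
  } catch {
    return null;
  }
}

// Constructed sample keys, not real Feishu values.
for (const key of ["img_v2_abc123", "../outside.txt", "a/../../b"]) {
  console.log(JSON.stringify(key), "unsafe:", unsafeTempPath(key), "safe:", tryKey(key));
}
```

The containment check compares normalized paths with `path.relative` rather than a string prefix, so a sibling directory such as `/tmp/openclaw-media-other` is not mistaken for the temp root. Naming the temporary file with a random value instead of the key keeps attacker-controlled input out of the path altogether.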

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
