PT-2026-25494 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v3.1

6.0

Medium

Vector AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Summary

In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2 (latest published at triage time)
  • Fixed in: 2026.2.22 (planned next release)

Impact

Attackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.
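The control the Summary and Impact sections describe is a per-hop check: each redirect target must itself pass the host allowlist before it is followed and before any fetched body is accepted. The following is an added illustration, not OpenClaw's code or its fix commits; the allowlist name mirrors the advisory's mediaAllowHosts, while the wildcard syntax, the function names and the injected fetchHop callback (which replaces a real fetch with redirect: 'manual' so the example runs offline) are assumptions of this example.

```javascript
// Added example (not OpenClaw's own code): validate every hop of a redirect
// chain against the allowlist before following it or accepting the body.
// Hypothetical allowlist in the shape the advisory calls mediaAllowHosts;
// the "*.example" wildcard syntax is an assumption of this example.
const mediaAllowHosts = ['graph.microsoft.com', '*.sharepoint.com'];

function hostAllowed(hostname, allowHosts) {
  const h = hostname.toLowerCase();
  return allowHosts.some((pattern) => {
    const p = pattern.toLowerCase();
    if (p.startsWith('*.')) {
      const suffix = p.slice(1); // "*.sharepoint.com" -> ".sharepoint.com"
      return h.endsWith(suffix) && h.length > suffix.length;
    }
    return h === p;
  });
}

// Validate one URL: parseable, https only, host on the allowlist.
function checkUrl(url, allowHosts) {
  let parsed;
  try { parsed = new URL(url); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (parsed.protocol !== 'https:') return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  if (!hostAllowed(parsed.hostname, allowHosts)) return { ok: false, reason: `host ${parsed.hostname} not allowlisted` };
  return { ok: true, url: parsed.toString() };
}

// Follow redirects manually so each hop is checked before it is fetched.
// fetchHop(url) -> { status, location?, body? } is injected so this runs offline;
// in production it would wrap fetch(url, { redirect: 'manual' }).
function fetchWithAllowlistedRedirects(startUrl, allowHosts, fetchHop, maxHops = 5) {
  let current = startUrl;
  for (let hop = 0; hop <= maxHops; hop++) {
    const check = checkUrl(current, allowHosts);
    if (!check.ok) return { ok: false, hop, reason: check.reason };
    const res = fetchHop(check.url);
    if (res.status >= 300 && res.status < 400 && res.location) {
      current = new URL(res.location, check.url).toString(); // Location may be relative
      continue;
    }
    return { ok: true, hop, finalUrl: check.url, body: res.body };
  }
  return { ok: false, hop: maxHops, reason: 'too many redirects' };
}

// Constructed responses standing in for real HTTP: one benign chain and one
// that redirects off the allowlist to an internal address (must be rejected).
const fakeResponses = {
  'https://graph.microsoft.com/media/1': { status: 302, location: 'https://contoso.sharepoint.com/file.png' },
  'https://contoso.sharepoint.com/file.png': { status: 200, body: 'PNG bytes' },
  'https://graph.microsoft.com/media/2': { status: 302, location: 'http://127.0.0.1:8080/admin' },
};
const fakeFetch = (url) => fakeResponses[url] || { status: 404 };
```

Running fetchWithAllowlistedRedirects on the first constructed chain succeeds at hop 1; the second chain is rejected at hop 1 because the redirect target fails the check before it is ever fetched.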

Fix Commit(s)

  • 73d93dee64127a26f1acd09d0403b794cdeb4f5c
  • b34097f62df9d1960cc22600269cd3f3284e2124

Release Process Note

The patched-versions field is pre-set to the planned next release (2026.2.22). Once that npm release is published, this advisory can be published without further edits to the version field.
OpenClaw thanks @tdjackey for reporting.

Fix

SSRF


Weakness Enumeration

Related identifiers

GHSA-W76H-8M22-HPGH

Affected products

Openclaw