PT-2026-22496 · Npm · Openclaw
Published 2026-02-18 · Updated 2026-02-18
CVSS v3.1: 8.6 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Summary
The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections:
- sendMediaFeishu(mediaUrl)
- Feishu DocX markdown image URLs (write/append -> image processing)
Affected versions
< 2026.2.14
Patched versions
>= 2026.2.14
Impact
If an attacker can influence the arguments of these tool calls (directly, or indirectly via prompt injection into content the agent processes), they may be able to make the extension issue requests to internal services reachable from the host and re-upload the response body as Feishu media, exposing that internal content to the attacker.
Remediation
Upgrade to OpenClaw 2026.2.14 or newer.
Notes
The fix routes Feishu remote media fetching through hardened runtime helpers that enforce SSRF policies and size limits.
Fix
SSRF
Affected Products: Openclaw