PT-2026-25494 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v3.1

6.0

Medium

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Summary

In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2 (latest published at triage time)
  • Fixed in: 2026.2.22 (planned next release)

Impact

Attackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.

Fix Commit(s)

  • 73d93dee64127a26f1acd09d0403b794cdeb4f5c
  • b34097f62df9d1960cc22600269cd3f3284e2124

Release Process Note

patched versions is pre-set to the planned next release (2026.2.22). Once that npm release is published, this advisory can be published without further version-field edits.
OpenClaw thanks @tdjackey for reporting.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

GHSA-W76H-8M22-HPGH

Affected Products

Openclaw