PT-2026-32079 · Npm · Openclaw

Published: 2026-03-31 · Updated: 2026-03-31

CVSS v4.0: 6.0 (Medium)

Vector: AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

Feishu upload path resolution could read files outside the configured localRoots sandbox before handing their contents to the upload code path.

Impact

A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions.

Affected Component

extensions/feishu/src/docx.ts

Fixed Versions

  • Affected: >= 2026.2.6, <= 2026.3.24
  • Patched: >= 2026.3.28
  • Latest stable 2026.3.28 contains the fix.

Fix

Fixed by commit 764394c78b (fix: enforce localRoots sandbox on Feishu docx upload file reads).
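The kind of check the fix describes, as an added illustration that is not OpenClaw's code: a TypeScript helper that canonicalises a requested file path and accepts it only if it lies inside one of the configured localRoots, exercised against a constructed temp workspace with an in-root file, a `..` escape and a symlink that points outside the root. The SandboxConfig shape and the function names are assumptions.

```typescript
// Added example, not OpenClaw's own code. Assumes the localRoots setting is a
// string[] of directories a tool caller may read from.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

interface SandboxConfig { localRoots: string[] } // assumed shape

// Returns the canonical path if it lies inside one of localRoots, else null.
// realpath resolves symlinks before the prefix check, so a link inside a root
// that points outside it is rejected; path.normalize alone would miss that.
function resolveWithinLocalRoots(requested: string, cfg: SandboxConfig): string | null {
  let real: string;
  try {
    real = fs.realpathSync(path.resolve(requested));
  } catch {
    return null; // missing or unreadable: refuse rather than fall back
  }
  for (const root of cfg.localRoots) {
    let realRoot: string;
    try {
      realRoot = fs.realpathSync(path.resolve(root));
    } catch {
      continue; // a misconfigured root grants nothing
    }
    // Append a separator so that root "/data" does not also admit "/data2".
    if (real === realRoot || real.startsWith(realRoot + path.sep)) return real;
  }
  return null;
}

// Constructed fixture: a temp workspace holding a document, a secret outside
// it, and a symlink inside the workspace that points at that secret.
function demo(): { inside: string | null; traversal: string | null; symlink: string | null } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "localroots-"));
  const root = path.join(base, "workspace");
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, "report.docx"), "constructed document");
  fs.writeFileSync(path.join(base, "secret.txt"), "constructed secret");
  fs.symlinkSync(path.join(base, "secret.txt"), path.join(root, "link.txt"));
  const cfg: SandboxConfig = { localRoots: [root] };
  const result = {
    inside: resolveWithinLocalRoots(path.join(root, "report.docx"), cfg),
    traversal: resolveWithinLocalRoots(path.join(root, "..", "secret.txt"), cfg),
    symlink: resolveWithinLocalRoots(path.join(root, "link.txt"), cfg),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
```

Only the in-root document resolves; both the `..` path and the symlink come back null and are never opened.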

Weakness Enumeration

  • Path traversal
  • Incorrect Authorization

Related Identifiers

GHSA-QF48-QFV4-JJM9

Affected Products

Openclaw