CVE-2026-22171
CVE-2026-22171
8.8
HighPublished:
Last updated:
Source:disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- None
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- Low
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the client can use traversal segments to escape os.tmpdir() and write arbitrary files within the OpenClaw process permissions.
References
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473fdisclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46