CVE-2026-22171

HIGH

OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

Title source: cna

Description

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the client can use traversal segments to escape os.tmpdir() and write arbitrary files within the OpenClaw process permissions.

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

GitHub Security Advisory (GHSA-vj3g-5px3-gr46)

https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46

Patch patch

Patch Commit #1

https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871

View Patch ZIP pw:eip

Patch patch

Patch Commit #2

https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705

View Patch ZIP pw:eip

Patch patch

Patch Commit #3

https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming

Scores

CVSS v3 8.2

EPSS 0.0034

EPSS Percentile 25.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

npm/openclaw 0 - 2026.2.19npm

OpenClaw/OpenClaw < 2026.2.19

openclaw/openclaw < 2026.2.19

Published Mar 18, 2026

Tracked Since Mar 18, 2026