Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-22171

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

9.1CVSS5.9AI score0.00339EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/26 12:0 a.m.3 views

OpenClaw path traversal vulnerability (CNVD-2026-16042)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...

9.1CVSS6AI score0.00339EPSS
Exploits0
OSV
OSV
added 2026/03/18 1:34 a.m.6 views

CVE-2026-22171 OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

8.8CVSS7.3AI score0.00339EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22171 OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22171

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/18 1:34 a.m.6 views

EUVD-2026-12714

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.26 views

CVE-2026-22171 OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

8.8CVSS0.00339EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 1:34 a.m.12 views

CVE-2026-22171

OpenClaw is affected by a path traversal in the Feishu media download flow. In versions prior to 2026.2.19, untrusted media keys (imageKey/fileKey) were interpolated directly into temporary-file paths in extensions/feishu/src/media.ts, allowing an attacker who can control those keys to craft path...

9.1CVSS5.9AI score0.00339EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 6:42 p.m.4 views

GHSA-VJ3G-5PX3-GR46 OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()

Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...

6.9CVSS6AI score0.00339EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/03 6:42 p.m.7 views

OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()

Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...

9.1CVSS6AI score0.00339EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-26005

Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...

9.1CVSS5.9AI score0.00339EPSS
Exploits0References13
Rows per page
Query Builder