Lucene search
+L

6 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

6CVSS5.8AI score0.00172EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32037

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

6CVSS5.8AI score0.00172EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.25 views

CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

6CVSS0.00172EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

2.3CVSS5.9AI score0.00172EPSS
Exploits0References6
OSV
OSV
added 2026/03/03 6:10 p.m.6 views

GHSA-W76H-8M22-HPGH OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

8.7CVSS5.9AI score0.00172EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 6:10 p.m.12 views

OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

6.5CVSS5.9AI score0.00172EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder