CVE-2026-26321

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`. Upgrade to OpenClaw `2026.2.14` or newer to receive a fix. The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d	Patch
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14	Product Release Notes
https://github.com/openclaw/openclaw/security/advisories/GHSA-8jpq-5h99-ff5r	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2026-02-19 23:16

Updated : 2026-02-20 19:12

NVD link : CVE-2026-26321

Mitre link : CVE-2026-26321

CVE.ORG link : CVE-2026-26321

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-26321", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-02-19T23:16:25.180", "references": [{"url": "https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8jpq-5h99-ff5r", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`. Upgrade to OpenClaw `2026.2.14` or newer to receive a fix. The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions."}, {"lang": "es", "value": "OpenClaw es un asistente personal de inteligencia artificial. Antes de la versi\u00f3n 2026.2.14 de OpenClaw, la extensi\u00f3n Feishu permit\u00eda a `sendMediaFeishu` tratar los valores `mediaUrl` controlados por el atacante como rutas del sistema de archivos local y leerlos directamente. Si un atacante puede influir en las llamadas a herramientas (directamente o mediante inyecci\u00f3n de comandos), podr\u00eda filtrar archivos locales proporcionando rutas como '/ etc / passwd' como \u00abmediaUrl\u00bb. Actualice a OpenClaw \u00ab2026.2.14\u00bb o una versi\u00f3n posterior para recibir una correcci\u00f3n. La correcci\u00f3n elimina la lectura directa de archivos locales de esta ruta y redirige la carga de medios a trav\u00e9s de ayudantes reforzados que aplican restricciones de ra\u00edz local."}], "lastModified": "2026-02-20T19:12:08.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "0F3079A3-9FBD-4E87-821D-5CAF0622C555", "versionEndExcluding": "2026.2.14"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}