CVE-2026-28451
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
Description
### Summary The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: - `sendMediaFeishu(mediaUrl)` - Feishu DocX markdown image URLs (write/append -> image processing) ### Affected versions - `< 2026.2.14` ### Patched versions - `>= 2026.2.14` ### Impact If an attacker can influence tool calls (directly or via prompt injection), they may be able to trigger requests to internal services and re-upload the response as Feishu media. ### Remediation Upgrade to OpenClaw `2026.2.14` or newer. ### Notes The fix routes Feishu remote media fetching through hardened runtime helpers that enforce SSRF policies and size limits.
How to fix CVE-2026-28451
To remediate CVE-2026-28451, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.14 or later
Is CVE-2026-28451 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |