GHSA-VJ3G-5PX3-GR46

Vulnerability from github – Published: 2026-03-03 18:42 – Updated: 2026-03-19 18:34
VLAI?
Summary
OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
Details

Summary

OpenClaw’s Feishu media download flow used untrusted Feishu media keys (imageKey / fileKey) when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside os.tmpdir().

Impact

This is an arbitrary file write issue (within the OpenClaw process file permissions). If an attacker can control Feishu media key values returned to the client (for example via compromised upstream response path), they can influence where downloaded bytes are written.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version at triage: 2026.2.17
  • Affected versions: <= 2026.2.17
  • Fixed version: 2026.2.19

Fix Commit(s)

  • c821099157a9767d4df208c6b12f214946507871
  • cdb00fe2428000e7a08f9b7848784a0049176705
  • ec232a9e2dff60f0e3d7e827a7c868db5254473f

Remediation

The fix removes key-derived temp-file naming and keeps downloads in safe temp locations. Additional hardening isolates SDK writeFile calls in per-download temp directories (mkdtemp) with deterministic cleanup, enforces Feishu key trust-boundary validation, and adds a repository guard test against dynamic path.join(os.tmpdir(), \...${...}`)` patterns in runtime code.

OpenClaw thanks @allsmog for reporting.

Severity ?
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T18:42:28Z",
    "nvd_published_at": "2026-03-18T02:16:21Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nOpenClaw\u2019s Feishu media download flow used untrusted Feishu media keys (`imageKey` / `fileKey`) when building temporary file paths in `extensions/feishu/src/media.ts`.\nBecause those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside `os.tmpdir()`.\n\n## Impact\n\nThis is an arbitrary file write issue (within the OpenClaw process file permissions).\nIf an attacker can control Feishu media key values returned to the client (for example via compromised upstream response path), they can influence where downloaded bytes are written.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Latest published npm version at triage: `2026.2.17`\n- Affected versions: `\u003c= 2026.2.17`\n- Fixed version: `2026.2.19`\n\n## Fix Commit(s)\n\n- `c821099157a9767d4df208c6b12f214946507871`\n- `cdb00fe2428000e7a08f9b7848784a0049176705`\n- `ec232a9e2dff60f0e3d7e827a7c868db5254473f`\n\n## Remediation\n\nThe fix removes key-derived temp-file naming and keeps downloads in safe temp locations. Additional hardening isolates SDK `writeFile` calls in per-download temp directories (`mkdtemp`) with deterministic cleanup, enforces Feishu key trust-boundary validation, and adds a repository guard test against dynamic `path.join(os.tmpdir(), \\`...${...}\\`)` patterns in runtime code.\n\nOpenClaw thanks @allsmog for reporting.",
  "id": "GHSA-vj3g-5px3-gr46",
  "modified": "2026-03-19T18:34:17Z",
  "published": "2026-03-03T18:42:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22171"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.