CVE-2026-28451 in OpenClaw
Summary
by MITRE • 03/06/2026
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via the sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload the responses as Feishu media.
Analysis
by VulDB Data Team • 03/11/2026
The vulnerability identified as CVE-2026-28451 affects OpenClaw versions prior to 2026.2.14 and is a critical server-side request forgery issue in the Feishu extension component. The flaw resides in the sendMediaFeishu function and in markdown image processing: neither validates or sanitizes the remote URL it is asked to fetch, so outbound requests can be directed to attacker-controlled or internal destinations.
The attacker's input is a crafted markdown image reference handled by the extension's media functionality. When the system processes such a reference, it neither validates the remote URL against an allowlist nor applies network boundary controls before fetching it. This is CWE-918, server-side request forgery: the application fetches a resource from an untrusted source without adequate protection, and so can be made to reach internal services that network segmentation and firewalls would otherwise keep out of reach.
The operational impact goes beyond information disclosure to potential system compromise and lateral movement. An attacker can use the flaw to probe internal services and discover endpoints, databases or administrative interfaces that should remain isolated from external access. Because the fetched response is re-uploaded as Feishu media, the content of an internal service's reply leaves the network disguised as an ordinary document or image, which makes the exfiltration harder to spot. The advisory maps this vulnerability to ATT&CK technique T1190, described here as covering exploitation of remote services through server-side request forgery attacks.
Mitigation should begin with immediate patching to version 2026.2.14 or later, which adds URL validation and network access controls. Organizations should also restrict outbound network access from the Feishu extension component, with a deny-all policy for external requests and explicit exceptions only where needed. Further measures include network segmentation, web application firewalls with content inspection, and monitoring for unusual outbound traffic patterns from the component. Security teams should review every function that handles external resources and apply the same input validation there, so that the same class of flaw is not present in other components. The vulnerability shows that all external inputs need validation and access controls even inside trusted application extensions.
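The following is an added example of the kind of URL validation the mitigation paragraph calls for, written for a Node/TypeScript media handler; it is not OpenClaw's own code, and the function names (isInternalAddress, checkMediaUrl, markdownImageUrls) and the injected resolver are assumptions for illustration. It rejects non-http(s) schemes and URLs with credentials, resolves the hostname, refuses any loopback, private, link-local or metadata address, and returns the checked addresses so the caller connects to exactly those rather than re-resolving.

```typescript
import { isIP } from "node:net";

// Resolver is injected so the check runs offline in tests; in production pass a
// wrapper around dns.promises.lookup(host, { all: true }) returning the addresses.
type Resolver = (host: string) => Promise<string[]>;

// True for addresses an outbound media fetch must never reach: loopback, RFC 1918,
// link-local (incl. 169.254.169.254 cloud metadata), CGNAT, unspecified, and the
// IPv6 equivalents including IPv4-mapped forms. Non-IP input is refused, not guessed.
export function isInternalAddress(ip: string): boolean {
  const v4 = ip.startsWith("::ffff:") ? ip.slice(7) : ip;
  if (isIP(v4) === 4) {
    const [a, b] = v4.split(".").map(Number);
    return a === 10 || a === 127 || a === 0 ||
      (a === 169 && b === 254) || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 100 && b >= 64 && b <= 127);
  }
  if (isIP(ip) === 6) {
    const s = ip.toLowerCase();
    return s === "::" || s === "::1" || s.startsWith("fe80:") ||
      s.startsWith("fc") || s.startsWith("fd");
  }
  return true;
}

// Validates a remote media URL before any fetch. Returns the pinned address list so
// the caller connects to what was checked; re-resolving at fetch time would reopen
// a DNS-rebinding window. Throws on anything that must not be fetched.
export async function checkMediaUrl(raw: string, resolve: Resolver): Promise<string[]> {
  const url = new URL(raw); // throws on malformed input; normalizes IP tricks like 0x7f.1
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`scheme ${url.protocol} not allowed`);
  }
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 literal brackets
  const addrs = isIP(host) ? [host] : await resolve(host);
  if (addrs.length === 0) throw new Error(`${host} did not resolve`);
  for (const ip of addrs) {
    if (isInternalAddress(ip)) throw new Error(`${host} -> ${ip} is an internal address`);
  }
  return addrs;
}

// Extracts the URL of every markdown image reference ![alt](url "title") so each one
// can be passed through checkMediaUrl before the message is processed.
export function markdownImageUrls(md: string): string[] {
  return [...md.matchAll(/!\[[^\]]*\]\(\s*<?([^\s)>]+)>?[^)]*\)/g)].map((m) => m[1]);
}
```

A host that resolves to both a public and an internal address is rejected outright, since an attacker controls which record the fetch would use.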