CVE-2026-22178 in OpenClaw情報

要約

〜によって MITRE • 2026年03月18日

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

VulnCheck

予約する

2026年01月06日

公開

2026年03月18日

モデレーション

承諾済み

エントリ

VDB-351481

CPE

準備完了

CWE

CWE-1333 (確認済み)

CVSS

8.2 (NVD)

EPSS

0.00065

KEV

いいえ

アクティビティ

非常低い

セクター

Transportation, Government, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22178
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22178
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22178/

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!