CVE-2026-22178 in OpenClawИнформация

Сводка

по MITRE • 18.03.2026

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

06.01.2026

Раскрытие

18.03.2026

Модерация

принято

Вход

VDB-351481

CPE

готов

CWE

CWE-1333 (Подтверждённый)

CVSS

8.2 (NVD)

EPSS

0.00065

KEV

Нет

Деятельности

Очень низкий

Сектор

Homeoffice, Finance, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22178
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22178
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22178/

◂ Предыдущий Обзор Далее ▸

Do you know our Splunk app?

Download it now for free!