CVE-2026-22171 · CRITICAL 9.1 · EPSS p25.6%

Description

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow: untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control the Feishu media key values returned to the client can use traversal segments to escape os.tmpdir() and write arbitrary files with the permissions of the OpenClaw process.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.34% probability of exploitation · percentile 25.6% · 2026-06-18T12:00:27Z
Published: 2026-03-18
Last modified: 2026-03-19

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871
  2. https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705
  3. https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f
  4. https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46
  5. https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming

Type      Target                                                                            Confidence  Tier
Weakness  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), cwe-22  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2026-28462
  - CVE: CVE-2026-32026
  - CVE: CVE-2026-28451
  - CVE: CVE-2026-43533
  - CVE: CVE-2026-41914
  - CVE: CVE-2026-28393

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.