CVE-2026-22171: OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
(updated )
OpenClaw’s Feishu media download flow used untrusted Feishu media keys (imageKey / fileKey) when building temporary file paths in extensions/feishu/src/media.ts.
Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside os.tmpdir().
References
- github.com/advisories/GHSA-vj3g-5px3-gr46
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871
- github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705
- github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f
- github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46
- nvd.nist.gov/vuln/detail/CVE-2026-22171
- www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming
Code Behaviors & Features
Detect and mitigate CVE-2026-22171 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →