GHSA-7qf6-h84j-8fq4: OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model

March 3, 2026

Microsoft Teams media handling used mixed fetch paths for Graph metadata/content and attachment auth-retry flows. Some paths bypassed the shared SSRF guard model and created inconsistent host/DNS enforcement across redirect/fetch hops.

References

github.com/advisories/GHSA-7qf6-h84j-8fq4
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/57334cd7d85174d5f951de01114fd5801b063564
github.com/openclaw/openclaw/security/advisories/GHSA-7qf6-h84j-8fq4

Code Behaviors & Features

Detect and mitigate GHSA-7qf6-h84j-8fq4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →