OpenClaw: When Your AI Assistant Steals Your /etc/passwd
Vulnerability ID: GHSA-X22M-J5QQ-J49M
CVSS Score: 8.6
Published: 2026-02-18
A critical Server-Side Request Forgery (SSRF) and Local File Disclosure (LFD) vulnerability in the OpenClaw Feishu extension allows attackers to weaponize AI agents to fetch internal network resources or read sensitive local files.
TL;DR
The OpenClaw Feishu extension blindly trusted URLs and file paths provided in tool calls. Attackers can use this to make the server fetch internal metadata or read local files like /etc/passwd and upload the results to a chat window.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-918 (SSRF)
- Secondary CWE: CWE-73 (External Control of File Name or Path)
- CVSS Score: 8.6 (High)
- Attack Vector: Network (via Tool Call)
- Exploit Maturity: Proof of Concept
- Impact: High Confidentiality Loss
Affected Systems
- OpenClaw Framework
- OpenClaw Feishu Extension
- openclaw: < 2026.2.14 (Fixed in: 2026.2.14)
Code Analysis
Commit: 5b4121d
fix(feishu): harden media fetching against SSRF and LFD
- fetch(url)
+ fetchRemoteMedia(url, { allowLocal: false })
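Review bot: the whole fix hinges on what `fetchRemoteMedia` does with `allowLocal: false`, and this hunk does not show that helper, so the call site gives a reviewer nothing to verify; before merging, confirm (and note in a comment at the call site) that the helper decides on the resolved addresses rather than the hostname string, rejects loopback, RFC 1918 and link-local answers including the metadata range, re-applies that check to every redirect target instead of letting the HTTP client follow blindly, and refuses non-http(s) schemes so the `file:` path behind the LFD half of the commit message is closed as well as the SSRF half.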
Exploit Details
- GitHub Advisory: Official advisory containing reproduction steps and vulnerability analysis.
Mitigation Strategies
- Upgrade to patched version
- Implement network egress filtering
- Run application with least privilege
- Disable access to cloud metadata services
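As an added example (this is not OpenClaw's code; the project's own fetchRemoteMedia is not reproduced in the advisory), the Node.js guard below shows what "egress filtering" and "no metadata access" look like when enforced at the call site that a tool call reaches, which is the layer the TL;DR says was missing: a scheme allowlist so `file:` never turns into a local read, a blocklist applied to every address the host resolves to, and the same check re-run on each redirect. All function names, the resolver injection and the DNS table are assumptions made for this example.

```javascript
// Added example, not OpenClaw's code: a guard for tool-supplied media URLs
// that fails closed on local files and internal addresses. Function names
// (checkMediaTarget, guardMediaUrl, isBlockedAddress, guardRedirect) are
// assumed; OpenClaw's own fetchRemoteMedia is not shown in the advisory.

// Networks a remote-media fetch should never reach: "this host", RFC 1918,
// CGNAT, loopback and link-local (which holds the 169.254.169.254 cloud
// metadata endpoint). IPv6 counterparts are handled in isBlockedAddress.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function parseV4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0); // < 2^32, exact as a double
}

function inV4Range(addr, [base, bits]) {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((parseV4(base) & mask) >>> 0);
}

// True when an IP literal (from DNS or given directly) is off-limits.
function isBlockedAddress(ip) {
  const v4 = parseV4(ip);
  if (v4 !== null) return BLOCKED_V4.some((r) => inV4Range(v4, r));
  if (!ip.includes(':')) return true;                 // neither v4 nor v6: refuse, don't guess
  const lower = ip.toLowerCase();
  const mappedDot = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(lower);
  if (mappedDot) return isBlockedAddress(mappedDot[1]); // ::ffff:127.0.0.1 is still loopback
  const mappedHex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(lower);
  if (mappedHex) {                                    // same address, WHATWG hex serialization
    const hi = parseInt(mappedHex[1], 16), lo = parseInt(mappedHex[2], 16);
    return isBlockedAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  if (lower === '::' || lower === '::1') return true; // unspecified, loopback
  const first = parseInt(lower.split(':')[0] || '0', 16);
  if ((first & 0xffc0) === 0xfe80) return true;       // link-local fe80::/10
  if ((first & 0xfe00) === 0xfc00) return true;       // unique-local fc00::/7
  return false;
}

// Pure decision: given the URL a tool supplied and the addresses its host
// resolved to, decide whether the fetch may proceed. Synchronous and
// resolver-free so it can be unit-tested without any network.
function checkMediaTarget(rawUrl, resolvedAddrs) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  // Scheme allowlist: file:, data:, ftp: are how a "fetch" turns into a local read.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  const host = url.hostname.replace(/^\[|\]$/g, '');  // WHATWG keeps brackets on IPv6 hosts
  const literal = parseV4(host) !== null || host.includes(':');
  const addrs = literal ? [host] : resolvedAddrs;
  if (!addrs || addrs.length === 0) return { ok: false, reason: 'host did not resolve' };
  // Every answer must be public: a mixed answer set is how a rebinding-style
  // trick slips a private address past a "first record only" check.
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `${host} resolves to blocked address ${bad}` };
  return { ok: true, url: url.href };
}

// Async wrapper for real use: `resolve` is hostname -> Promise<string[]>,
// e.g. dns.promises.lookup(host, { all: true }) mapped to .address.
async function guardMediaUrl(rawUrl, resolve) {
  let host = '';
  try { host = new URL(rawUrl).hostname.replace(/^\[|\]$/g, ''); } catch {}
  const addrs = host ? await resolve(host) : [];
  return checkMediaTarget(rawUrl, addrs);
}

// Redirects are a second entry point: re-run the guard on every Location
// (which may be relative) instead of letting the HTTP client follow blindly.
async function guardRedirect(fromUrl, location, resolve) {
  let target;
  try { target = new URL(location, fromUrl).href; } catch { return { ok: false, reason: 'bad Location' }; }
  return guardMediaUrl(target, resolve);
}

// Constructed lookup table standing in for DNS so the example runs offline.
const FAKE_DNS = {
  'cdn.example.com': ['203.0.113.10'],
  'rebind.example.com': ['203.0.113.10', '10.0.0.5'],
};
const fakeResolve = async (host) => FAKE_DNS[host] ?? [];

// Constructed sample of URLs an agent might pass through a tool call.
function demo() {
  const samples = ['https://cdn.example.com/img.png', 'file:///etc/passwd',
    'http://169.254.169.254/latest/meta-data/', 'http://rebind.example.com/x'];
  return samples.map((u) => [u, checkMediaTarget(u, FAKE_DNS[new URL(u).hostname] ?? [])]);
}
for (const [u, r] of demo()) console.log(u, '->', r);
```

In production the resolver is the only piece that touches the network; because `checkMediaTarget` sees the full answer set, a host that resolves to one public and one private address is refused outright. Wire `guardRedirect` into the HTTP client with redirects disabled so each hop is judged on its own resolved addresses, and log every refusal with its `reason`, which is what the remediation step "monitor logs for blocked SSRF attempts" needs to have something to show.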
Remediation Steps:
- Stop the running OpenClaw instance.
- Run `npm update openclaw` to ensure version 2026.2.14 or higher is installed.
- Verify the version in `package.json`.
- Restart the service and monitor logs for blocked SSRF attempts.
References
Read the full report for GHSA-X22M-J5QQ-J49M on our website for more details including interactive diagrams and full exploit analysis.