How to fix CVE-2026-28451?

Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.2.14 and assess Feishu extension usage. Within 7 days: Apply the available patch to all affected systems or disable the Feishu extension if patching cannot be completed. Within 30 days: Conduct security testing to verify the patch resolves the vulnerability and review logs for any suspicious activity related to sendMediaFeishu or markdown image processing functions.

CVE-2026-28451

Q: Is AI / ML affected by CVE-2026-28451?

OpenClaw versions before 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that could allow attackers to access internal systems and sensitive data.

HIGH

2026-03-05 [email protected]

GHSA-x22m-j5qq-j49m

8.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

Patch Released

Mar 11, 2026 - 16:15 nvd

Patch available

CVE Published

Mar 05, 2026 - 22:16 nvd

HIGH 8.3

Description

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media.

Analysis

OpenClaw versions before 2026.2.14 contain unprotected server-side request forgery flaws in the Feishu extension that enable remote attackers to access internal services and exfiltrate data without authentication. Attackers can exploit the sendMediaFeishu function and markdown image processing through direct manipulation or prompt injection to force the application to fetch attacker-controlled URLs and re-upload responses as Feishu media. …

Remediation

Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.2.14 and assess Feishu extension usage. Within 7 days: Apply the available patch to all affected systems or disable the Feishu extension if patching cannot be completed. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

CVE-2026-28451 vulnerability details – vuln.today

Back

CVE-2026-28451

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28451

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code