What is the CVSS score of EUVD-2026-12722?

EUVD-2026-12722 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by EUVD-2026-12722?

CVE-2026-22178 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Openclaw EUVD-2026-12722

| CVE-2026-22178 MEDIUM

Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)

2026-03-18 VulnCheck

GHSA-c6hr-w26q-c636

Denial Of Service Openclaw

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 18, 2026 - 02:30 euvd

EUVD-2026-12722

Analysis Generated

Mar 18, 2026 - 02:30 vuln.today

Patch released

Mar 18, 2026 - 02:30 nvd

Patch available

CVE Published

Mar 18, 2026 - 01:34 nvd

MEDIUM 6.5

DescriptionNVD

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing.

AnalysisAI

OpenClaw versions before 2026.2.19 are vulnerable to regex injection and denial of service through unescaped Feishu mention metadata in the stripBotMention function. An unauthenticated network attacker can craft malicious mention metadata containing nested-quantifier patterns or regex metacharacters to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing, with a CVSS score of 6.5 indicating medium severity with integrity and availability impact. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-12722 vulnerability details – vuln.today

Back

Openclaw EUVD-2026-12722

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code