Is Openclaw affected by EUVD-2026-12722?

CVE-2026-22178 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

EUVD-2026-12722

| CVE-2026-22178 MEDIUM

2026-03-18 VulnCheck

GHSA-c6hr-w26q-c636

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 18, 2026 - 02:30 vuln.today

EUVD ID Assigned

Mar 18, 2026 - 02:30 euvd

EUVD-2026-12722

Patch Released

Mar 18, 2026 - 02:30 nvd

Patch available

CVE Published

Mar 18, 2026 - 01:34 nvd

MEDIUM 6.5

Description

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing.

Analysis

OpenClaw versions before 2026.2.19 are vulnerable to regex injection and denial of service through unescaped Feishu mention metadata in the stripBotMention function. An unauthenticated network attacker can craft malicious mention metadata containing nested-quantifier patterns or regex metacharacters to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing, with a CVSS score of 6.5 indicating medium severity with integrity and availability impact. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: 0

EUVD-2026-12722 vulnerability details – vuln.today

Back

EUVD-2026-12722

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12722

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code