MEDIUM 5.3 npm
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
GHSA-qf48-qfv4-jjm9 · CVE-2026-41363
Description
Summary
Feishu upload path resolution (resolveUploadInput in extensions/feishu/src/docx.ts) could resolve a caller-supplied path to a file outside the configured localRoots sandbox and read it before handing the contents to the upload action.
Impact
A tool caller that is supposed to be constrained to workspace or localRoots paths could exfiltrate arbitrary host files by pointing Feishu upload actions (such as upload_image) at them.
Affected Component
extensions/feishu/src/docx.ts
Fixed Versions
- Affected: >= 2026.2.6, <= 2026.3.24
- Patched: >= 2026.3.28
- Latest stable 2026.3.28 contains the fix.
Fix
Fixed by commit 764394c78b (fix: enforce localRoots sandbox on Feishu docx upload file reads).
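The shape of the bug and of the enforcement, as an added illustration that is not code from the openclaw repository or from commit 764394c78b: a hypothetical upload-input resolver that joins the caller's path under a root but never checks containment, beside one that checks containment against every configured root both lexically and after symlink canonicalisation. The names UploadInput, resolveUploadInputUnsafe, resolveUploadInputSafe and the /srv/openclaw roots are assumptions for the example.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Hypothetical input shape; the real extension's types are not reproduced here.
type UploadInput = { path: string };

// Weak variant: resolves relative to the first root but never verifies that the
// result still lies inside any root. "../../../etc/passwd" or an absolute path
// walks straight out of the sandbox and is then read and uploaded.
function resolveUploadInputUnsafe(input: UploadInput, localRoots: string[]): string {
  return path.resolve(localRoots[0], input.path);
}

// True when candidate is root itself or a descendant of root. Uses path.relative
// rather than a string prefix so "/srv/root2" is not mistaken for "/srv/root",
// and compares against ".." exactly so a directory named "..hidden" is allowed.
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return rel === "" || (rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel));
}

// realpath when the entry exists; otherwise the lexical path stands (nothing to
// read there anyway, and the caller will fail on open).
function canonicalise(p: string): string {
  try {
    return fs.realpathSync(p);
  } catch {
    return p;
  }
}

// Hardened variant: the path must resolve inside one of the configured roots,
// and the canonical (symlink-resolved) location must still be inside that root.
// Returns null when no root contains the file, so the caller refuses the upload.
function resolveUploadInputSafe(input: UploadInput, localRoots: string[]): string | null {
  for (const configured of localRoots) {
    const root = canonicalise(path.resolve(configured));
    const lexical = path.resolve(root, input.path);
    if (!isInside(root, lexical)) continue;
    const canonical = canonicalise(lexical);
    if (isInside(root, canonical)) return canonical;
  }
  return null;
}

// Constructed sample configuration for the example.
const SAMPLE_ROOTS = ["/srv/openclaw/workspace", "/srv/openclaw/uploads"];
```

With SAMPLE_ROOTS, resolveUploadInputUnsafe happily turns "../../../etc/passwd" into "/etc/passwd", while resolveUploadInputSafe returns null for that input and for an absolute "/etc/passwd", yet still accepts "docs/report.pdf" under the first root and an absolute path that lies inside the second root. The second isInside pass after canonicalise is what stops a symlink planted inside a root from pointing the read at a file outside it.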
References
- WEB https://github.com/openclaw/openclaw/security/advisories/GHSA-qf48-qfv4-jjm9
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-41363
- WEB https://github.com/openclaw/openclaw/commit/764394c78b6c22c5b53c3cd132d27ff36340bf45
- PACKAGE https://github.com/openclaw/openclaw
- WEB https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-feishu-upload-image-parameter