OpenClaw Server-Side Request Forgery Vulnerability in Feishu Extension
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in OpenClaw versions prior to 2026.2.14, in the Feishu extension. The extension's 'sendMediaFeishu' function and its markdown image processing fetch remote URLs on the server side, and the URL being fetched is under the attacker's control. Because these fetches apply no SSRF protections, the requests can be directed at internal services that the OpenClaw host can reach but the attacker cannot, and the responses can then be re-uploaded to Feishu as media, exposing their contents.
Impact
Exploitation results in server-side request forgery: an attacker who can influence the tool calls made through the Feishu extension can make the OpenClaw host request internal services and upload the retrieved data to Feishu as media, exfiltrating content that would otherwise be unreachable from outside.
Reproduction
To reproduce, invoke 'sendMediaFeishu' with a media URL that points to an internal service; the extension fetches the URL server-side and uploads the response as Feishu media. Alternatively, supply markdown containing an image whose URL points to an internal service, which is processed through the same media-fetching path. In both cases the Feishu extension fetches the URL without any SSRF checks, so the request reaches the internal service and its response is handled as ordinary media.
Remediation
Users are advised to upgrade to OpenClaw version 2026.2.14 or later, where this vulnerability has been patched.
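As an added example (not OpenClaw's own code or its fix), the following TypeScript shows the kind of outbound-URL guard a server-side media-fetching path such as the one described above needs. It allows only http and https, resolves the hostname through an injected resolver (a hypothetical hook, so the check can run offline), and refuses any destination whose addresses fall in loopback, link-local, private, carrier-grade NAT, multicast or reserved ranges, including IPv4-mapped and abbreviated IPv6 spellings that a naive string comparison would miss. The function names, the Resolver type and the sample hostnames are assumptions made for illustration.

```typescript
import { isIP } from "node:net";

// Hypothetical resolver hook: every address a hostname resolves to. Injected so
// the check runs offline and so the caller can connect to the pinned address
// instead of resolving a second time (DNS rebinding between check and connect).
export type Resolver = (hostname: string) => Promise<string[]>;

// IPv4 ranges that a server-side media fetch must never reach.
const BLOCKED_V4 = [
  "0.0.0.0/8",      // "this" network
  "10.0.0.0/8",     // RFC 1918
  "100.64.0.0/10",  // carrier-grade NAT; some cloud metadata services live here
  "127.0.0.0/8",    // loopback
  "169.254.0.0/16", // link-local, including cloud metadata 169.254.169.254
  "172.16.0.0/12",  // RFC 1918
  "192.168.0.0/16", // RFC 1918
  "224.0.0.0/4",    // multicast
  "240.0.0.0/4",    // reserved and limited broadcast
];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function inCidr4(ip: string, cidr: string): boolean {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return (ipv4ToInt(ip) & mask) === (ipv4ToInt(base) & mask);
}

// Expand an IPv6 literal (with "::" and a trailing dotted IPv4) into eight
// 16-bit groups, so abbreviated spellings of ::1 cannot slip past.
function v6Groups(ip: string): number[] | null {
  let s = ip.toLowerCase().replace(/%.*$/, ""); // drop zone id (fe80::1%eth0)
  const dotted = s.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) {
    const n = ipv4ToInt(dotted[2]);
    s = `${dotted[1]}${(n >>> 16).toString(16)}:${(n & 0xffff).toString(16)}`;
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (fill < 0 || head.length + tail.length + fill !== 8) return null;
  const groups = [...head, ...Array(fill).fill("0"), ...tail].map((g) => parseInt(g, 16));
  return groups.some(Number.isNaN) ? null : groups;
}

export function isBlockedAddress(ip: string): boolean {
  const version = isIP(ip);
  if (version === 4) return BLOCKED_V4.some((cidr) => inCidr4(ip, cidr));
  const g = version === 6 ? v6Groups(ip) : null;
  if (g === null) return true; // not an IP literal at all: refuse
  // IPv4-mapped (::ffff:a.b.c.d) inherits the IPv4 decision.
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    return isBlockedAddress(`${g[6] >> 8}.${g[6] & 0xff}.${g[7] >> 8}.${g[7] & 0xff}`);
  }
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  if ((g[0] & 0xff00) === 0xff00) return true; // ff00::/8 multicast
  return false;
}

export type UrlDecision =
  | { ok: true; host: string; pinnedIp: string }
  | { ok: false; reason: string };

// Decide whether a URL supplied through a tool call may be fetched server-side.
export async function checkOutboundUrl(raw: string, resolve: Resolver): Promise<UrlDecision> {
  let url: URL;
  try {
    url = new URL(raw); // WHATWG parsing canonicalises 2130706433 and 0x7f000001 to 127.0.0.1
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  const host = url.hostname.replace(/^\[|\]$/g, ""); // IPv6 literals come back bracketed
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { ok: false, reason: "localhost is not allowed" };
  }
  const addrs = isIP(host) ? [host] : await resolve(host);
  if (addrs.length === 0) return { ok: false, reason: `${host} does not resolve` };
  // Every answer must be public: a mixed public/private answer is the classic bypass.
  const blocked = addrs.find(isBlockedAddress);
  if (blocked !== undefined) return { ok: false, reason: `${host} resolves to ${blocked}` };
  return { ok: true, host, pinnedIp: addrs[0] };
}
```

Run the check on the initial URL and again on every redirect target (fetch with redirect set to "manual" and re-check the Location header), and connect to pinnedIp rather than letting the HTTP client resolve the name a second time; otherwise a DNS answer that changes between check and connect defeats the guard. A denylist like this is a floor, not a ceiling: where the set of legitimate media hosts is known, an allowlist of those hosts is the stronger control.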
