OpenClaw Redirect Chain Bypass Vulnerability in Microsoft Teams Attachment Handling
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.22: during Microsoft Teams media downloads the application does not validate redirect chains against the configured media allowlist. Only the initial attachment URL is subject to the allowlist, so an attacker who controls an attachment URL can have it redirect to a non-allowlisted target and bypass the server-side request forgery (SSRF) protections. The issue arises in the handling of redirects for SharePoint reference attachment URLs during Graph-backed media fetches, where a redirect chain can escape the configured media host boundaries.
Impact
Exploitation of this vulnerability could lead to unauthorized access to or manipulation of data from non-allowlisted targets, undermining the application's SSRF boundary controls for Microsoft Teams media ingestion.
Reproduction
The vulnerability can be reproduced by sending a Microsoft Teams attachment that includes a URL redirecting to a non-allowlisted target. During the download process, the application will follow the redirect, bypassing the media allowlist checks and potentially fetching content from an unauthorized source.
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.
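As an added illustration (not OpenClaw's own code), the weak pattern described above sits beside a hardened fetch that validates every hop of the redirect chain before requesting it; the Fetcher abstraction, host names and in-memory responses are all constructed for the example.

```typescript
// Constructed example: a single-request fetcher that never follows redirects
// itself, so the caller decides whether each hop is allowed.
interface HopResponse { status: number; location?: string; body?: string }
type Fetcher = (url: string) => HopResponse;

class AllowlistViolation extends Error {}

// Allowed only if https and the host is an allowlisted host or a subdomain of
// one (dot-prefixed suffix match, so "evil-sharepoint.com" never matches "sharepoint.com").
function hostAllowed(url: string, allowedHosts: string[]): boolean {
  const u = new URL(url);
  if (u.protocol !== "https:") return false;
  return allowedHosts.some(h => u.hostname === h || u.hostname.endsWith("." + h));
}

// Shared redirect loop; `validate` decides which hops are checked.
function followChain(url: string, fetcher: Fetcher,
                     validate: (u: string, hop: number) => void, maxRedirects = 5): string {
  let current = url;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    validate(current, hop); // may throw AllowlistViolation
    const res = fetcher(current);
    if (res.status >= 300 && res.status < 400 && res.location) {
      current = new URL(res.location, current).toString(); // resolve relative Location headers
      continue;
    }
    if (res.status !== 200 || res.body === undefined) throw new Error(`status ${res.status} at ${current}`);
    return res.body;
  }
  throw new Error("too many redirects");
}

// Weak (the shape of the bug): only the initial attachment URL is checked.
function fetchMediaWeak(url: string, allowed: string[], fetcher: Fetcher): string {
  return followChain(url, fetcher, (u, hop) => {
    if (hop === 0 && !hostAllowed(u, allowed)) throw new AllowlistViolation(u);
  });
}

// Hardened: every hop, including the final one, is checked before it is requested.
function fetchMediaHardened(url: string, allowed: string[], fetcher: Fetcher): string {
  return followChain(url, fetcher, (u, hop) => {
    if (!hostAllowed(u, allowed)) throw new AllowlistViolation(`hop ${hop}: ${u}`);
  });
}

// Constructed in-memory network: what one request to each URL returns.
const SAMPLE_NET: Record<string, HopResponse> = {
  "https://contoso.sharepoint.com/ref/ok": { status: 302, location: "https://contoso-my.sharepoint.com/media/1" },
  "https://contoso-my.sharepoint.com/media/1": { status: 200, body: "legit-media-bytes" },
  "https://contoso.sharepoint.com/ref/bad": { status: 302, location: "https://not-allowlisted.example/x" },
  "https://not-allowlisted.example/x": { status: 200, body: "fetched-from-outside-boundary" },
};
const mockFetch: Fetcher = (url) => SAMPLE_NET[url] ?? { status: 404 };
const MEDIA_ALLOWLIST = ["sharepoint.com", "graph.microsoft.com"];
```

With the hardened variant the second chain fails at hop 1, which is also the point to log for detection: an allowlisted reference URL redirecting outside the media boundary.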
