LeakyCreds

CVE-2026-28451 - Vulnerability Analysis

High | CVSS: 8.3

Last Updated: March 6, 2026

OpenClaw - Server Side Request Forgery

Published: March 5, 2026 | Updated: March 6, 2026 | Remote Exploitable

Overview

OpenClaw < 2026.2.14 contains a server-side request forgery vulnerability caused by insufficient SSRF protections in the Feishu extension's sendMediaFeishu function and markdown image processing. Attackers can make the server fetch attacker-controlled URLs and re-upload the responses as media. Exploitation requires the attacker to manipulate tool calls or use prompt injection.

Severity & Score

Severity: High
CVSS Score: 8.3
EPSS Score: 3.6% (Probability of exploitation in next 30 days)

Impact

Attackers can make unauthorized requests to internal services and re-upload responses, potentially leading to data exposure or further attacks.

Mitigation

Update to version 2026.2.14 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 7, 2026

🟠 CVE-2026-28451 - High (8.3) OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28451/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-28451
Severity: High
CVSS Score: 8.3
Type: server_side_request_forgery
Status: new
EPSS: 3.6%
Social Posts: 1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

EPSS Score

3.6% (Probability of exploitation in the next 30 days)