CVE-2026-28451

Severity: High · Public PoC referenced

Published: 05 March 2026
Modified: 11 March 2026
KEV Added: not listed (not in the CISA KEV catalog at time of writing)
Patch: available (OpenClaw 2026.2.14 or later)
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)
EPSS Score: 0.0004 (12.8th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28451 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in OpenClaw (vendor and product are both listed as "openclaw"). Its CVSS v3.1 base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS places it at the 12.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced, so the low EPSS figure should not be read as "no exploitation path exists".

This vulnerability is AI-related: it is categorised under Other AI Platforms in the LLM/Generative AI Risks domain, because the description names prompt injection as one of the ways an attacker can steer the vulnerable tool call.

The strongest mitigations identified by this page's analysis are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation), applied in addition to installing the vendor patch.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Network Service Discovery (T1046). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated mapping)

Vendor patch (prevent)
Directly remediates the SSRF vulnerability by requiring timely installation of the vendor patch: OpenClaw version 2026.2.14 or later.

SI-10 Information Input Validation (prevent)
Mandates validation and sanitization of user-supplied URLs in sendMediaFeishu and markdown image processing so that fetches cannot be directed at internal services (loopback, private, link-local and cloud-metadata addresses), whether the URL arrives through a direct tool call or through prompt-injected content.

SC-7 Boundary Protection (prevent, detect)
Enforces boundary protections that monitor and control outbound network requests from the OpenClaw host, so that an SSRF which slips past input validation still cannot reach unauthorized internal resources, and the attempt is visible in egress logs.
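The SI-10 control above describes an outbound-URL gate in front of the fetch performed by sendMediaFeishu and the markdown image handler. The following is an added example of such a gate, written for this page in JavaScript for Node.js; it is not OpenClaw code and not the referenced patch. It uses the WHATWG URL parser to canonicalise the host (so spellings such as 0x7f.1 or 2130706433 become 127.0.0.1 before the check), rejects non-HTTP schemes and embedded credentials, classifies IPv4 and IPv6 literals including IPv4-mapped and NAT64 forms, and resolves names through an injected resolver so that it can also refuse public names that resolve to internal addresses. The host names, addresses and the stub DNS table are all constructed for the example.

```javascript
// Added example, not OpenClaw code: gate attacker-influenced URLs before fetching.
// Every host name and address below is constructed for illustration.

// Return a reason string if an IPv4 dotted quad must not be fetched, else null.
function v4Reason(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return "malformed IPv4 literal";
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return "malformed IPv4 literal";
  const [a, b] = octets;
  if (a === 0) return "0.0.0.0/8 (this network)";
  if (a === 10) return "10.0.0.0/8 (private)";
  if (a === 100 && b >= 64 && b <= 127) return "100.64.0.0/10 (shared address space)";
  if (a === 127) return "127.0.0.0/8 (loopback)";
  if (a === 169 && b === 254) return "169.254.0.0/16 (link-local, incl. cloud metadata)";
  if (a === 172 && b >= 16 && b <= 31) return "172.16.0.0/12 (private)";
  if (a === 192 && b === 168) return "192.168.0.0/16 (private)";
  if (a >= 224) return "224.0.0.0/3 (multicast, reserved, broadcast)";
  return null;
}

// Expand an IPv6 literal in the hex-group form the URL parser emits into eight
// 16-bit numbers; null if malformed.
function expandV6(lit) {
  const parts = lit.split("::");
  if (parts.length > 2) return null;
  const head = parts[0] ? parts[0].split(":") : [];
  const tail = parts.length === 2 && parts[1] ? parts[1].split(":") : [];
  let groups = head.concat(tail);
  if (parts.length === 2) {
    const fill = 8 - groups.length;
    if (fill < 1) return null;
    groups = head.concat(Array(fill).fill("0"), tail);
  }
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// Return a reason string if an IPv6 literal must not be fetched, else null.
function v6Reason(lit) {
  const g = expandV6(lit);
  if (!g) return "malformed IPv6 literal";
  const mapped = g[0] === 0 && g[1] === 0 && g[2] === 0 && g[3] === 0 && g[4] === 0 && g[5] === 0xffff; // ::ffff:a.b.c.d
  const nat64 = g[0] === 0x64 && g[1] === 0xff9b && g[2] === 0 && g[3] === 0 && g[4] === 0 && g[5] === 0; // 64:ff9b::/96
  if (mapped || nat64) {
    const v4 = [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join(".");
    const r = v4Reason(v4);
    return r ? `embedded IPv4 ${v4}: ${r}` : null;
  }
  if (g.every((x) => x === 0)) return ":: (unspecified)";
  if (g.slice(0, 7).every((x) => x === 0) && g[7] === 1) return "::1 (loopback)";
  if ((g[0] & 0xfe00) === 0xfc00) return "fc00::/7 (unique local)";
  if ((g[0] & 0xffc0) === 0xfe80) return "fe80::/10 (link-local)";
  if ((g[0] & 0xff00) === 0xff00) return "ff00::/8 (multicast)";
  return null;
}

const addressReason = (ip) => (ip.includes(":") ? v6Reason(ip) : v4Reason(ip));

// Decide whether `raw` may be fetched. `resolveHost(name)` returns the addresses a
// name resolves to; it is injected so the example runs offline and so production
// code can pass a real resolver. On success the caller must connect to one of the
// returned `addresses` rather than re-resolving `host` (DNS rebinding defence).
function checkOutboundUrl(raw, resolveHost) {
  const deny = (reason) => ({ ok: false, reason });
  let url;
  try { url = new URL(raw); } catch { return deny("unparseable URL"); }
  if (url.protocol !== "http:" && url.protocol !== "https:") return deny(`scheme ${url.protocol} not allowed`);
  if (url.username || url.password) return deny("credentials embedded in URL");
  // new URL() has already canonicalised IPv4 spellings (0x7f.1, 2130706433) to dotted quads.
  const host = url.hostname.replace(/\.$/, "");
  let addresses;
  if (host.startsWith("[") && host.endsWith("]")) addresses = [host.slice(1, -1)];
  else if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) addresses = [host];
  else if (host === "localhost" || host.endsWith(".localhost")) return deny("localhost name");
  else {
    addresses = resolveHost(host);
    if (!addresses || addresses.length === 0) return deny(`${host} does not resolve`);
  }
  for (const ip of addresses) {
    const reason = addressReason(ip); // one internal record in a mixed answer is enough to deny
    if (reason) return deny(`${host} -> ${ip}: ${reason}`);
  }
  return { ok: true, host, addresses };
}

// Constructed stub standing in for DNS (names and addresses invented for the example).
const STUB_DNS = {
  "example.com": ["93.184.216.34"],
  "cdn.example": ["2606:4700::6810:1"],
  "intranet.corp.local": ["10.0.0.5"],
  "evil.example": ["93.184.216.34", "127.0.0.1"],
};
const stubResolve = (name) => STUB_DNS[name] || [];

for (const u of ["https://example.com/a.png", "http://169.254.169.254/latest/meta-data/", "http://evil.example/"]) {
  console.log(u, "=>", JSON.stringify(checkOutboundUrl(u, stubResolve)));
}
```

Two caveats when wiring this in front of a real fetch: follow redirects manually (`redirect: "manual"`) and run the check again on every Location header, since a public host can 302 to an internal address; and cache the resolver result only for the lifetime of the request, connecting to the vetted address rather than the name. This gate belongs at the application layer (SI-10); the SC-7 egress controls described above are what catch the cases it cannot see.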

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

An SSRF in a public-facing OpenClaw component enables remote exploitation without authentication (T1190); because the server fetches an arbitrary attacker-chosen URL and re-uploads the response, it directly facilitates probing of internal services and reading their responses (T1046).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media.

Deeper analysis (AI-generated)

CVE-2026-28451 is a server-side request forgery (SSRF) vulnerability affecting OpenClaw versions prior to 2026.2.14, specifically in the Feishu extension. The flaw arises in the sendMediaFeishu function and markdown image processing, which lack SSRF protections and allow attackers to fetch arbitrary attacker-controlled remote URLs. Assigned CWE-918, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) and was published on 2026-03-05.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Exploitation occurs via direct manipulation of tool calls or via prompt injection (that is, attacker-controlled content that the agent processes and turns into a fetch), enabling attackers to trigger requests to internal services and re-upload the responses as Feishu media. This exposes internal resources to an external party; the per-component impacts on confidentiality, integrity, and availability are rated low, but the severity is elevated because the scope is changed: the request originates from the OpenClaw host and reaches systems that trust it.

Mitigation details are outlined in official advisories, including a patch in OpenClaw commit 5b4121d6011a48c71e747e3c18197f180b872c5d. Security practitioners should update to OpenClaw version 2026.2.14 or later, as recommended by the GitHub security advisory (GHSA-x22m-j5qq-j49m) and VulnCheck advisory on the Feishu extension SSRF issue.

Details

CWE(s)
CWE-918 Server-Side Request Forgery (SSRF)

Affected Products
openclaw openclaw, versions < 2026.2.14 (2026.2.14 is the fixed release named in the NVD description)

AI Security Analysis (AI-generated)

AI Category: Other AI Platforms
Risk Domain: LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: prompt injection

CVEs Like This One

CVE-2026-27488 (same product: openclaw openclaw)
CVE-2026-43526 (same product: openclaw openclaw)
CVE-2026-26324 (same product: openclaw openclaw)
CVE-2026-26322 (same product: openclaw openclaw)
CVE-2026-32019 (same product: openclaw openclaw)
CVE-2026-35629 (same product: openclaw openclaw)
CVE-2026-31989 (same product: openclaw openclaw)
CVE-2026-41912 (same product: openclaw openclaw)
CVE-2026-22181 (same product: openclaw openclaw)
CVE-2026-28476 (same product: openclaw openclaw)
