CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41363

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary files outside configured localRoots boundaries.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.7%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2026-41363

Openclaw » Openclaw » Version: 2026.2.12

cpe:2.3:a:openclaw:openclaw:2026.2.12
Openclaw » Openclaw » Version: 2026.2.13

cpe:2.3:a:openclaw:openclaw:2026.2.13
Openclaw » Openclaw » Version: 2026.2.14

cpe:2.3:a:openclaw:openclaw:2026.2.14
Openclaw » Openclaw » Version: 2026.2.15

cpe:2.3:a:openclaw:openclaw:2026.2.15
Openclaw » Openclaw » Version: 2026.2.17

cpe:2.3:a:openclaw:openclaw:2026.2.17
Openclaw » Openclaw » Version: 2026.2.17.2

cpe:2.3:a:openclaw:openclaw:2026.2.17.2
Openclaw » Openclaw » Version: 2026.2.19

cpe:2.3:a:openclaw:openclaw:2026.2.19
Openclaw » Openclaw » Version: 2026.2.19-1

cpe:2.3:a:openclaw:openclaw:2026.2.19-1
Openclaw » Openclaw » Version: 2026.2.19-2

cpe:2.3:a:openclaw:openclaw:2026.2.19-2
Openclaw » Openclaw » Version: 2026.2.21

cpe:2.3:a:openclaw:openclaw:2026.2.21
Openclaw » Openclaw » Version: 2026.2.21-1

cpe:2.3:a:openclaw:openclaw:2026.2.21-1
Openclaw » Openclaw » Version: 2026.2.21-2

cpe:2.3:a:openclaw:openclaw:2026.2.21-2
Openclaw » Openclaw » Version: 2026.2.22

cpe:2.3:a:openclaw:openclaw:2026.2.22
Openclaw » Openclaw » Version: 2026.2.22-1

cpe:2.3:a:openclaw:openclaw:2026.2.22-1
Openclaw » Openclaw » Version: 2026.2.22-2

cpe:2.3:a:openclaw:openclaw:2026.2.22-2
Openclaw » Openclaw » Version: 2026.2.23

cpe:2.3:a:openclaw:openclaw:2026.2.23
Openclaw » Openclaw » Version: 2026.2.24

cpe:2.3:a:openclaw:openclaw:2026.2.24
Openclaw » Openclaw » Version: 2026.2.25

cpe:2.3:a:openclaw:openclaw:2026.2.25
Openclaw » Openclaw » Version: 2026.2.26

cpe:2.3:a:openclaw:openclaw:2026.2.26
Openclaw » Openclaw » Version: 2026.2.6

cpe:2.3:a:openclaw:openclaw:2026.2.6
Openclaw » Openclaw » Version: 2026.2.6-1

cpe:2.3:a:openclaw:openclaw:2026.2.6-1
Openclaw » Openclaw » Version: 2026.2.6-2

cpe:2.3:a:openclaw:openclaw:2026.2.6-2
Openclaw » Openclaw » Version: 2026.2.6-3

cpe:2.3:a:openclaw:openclaw:2026.2.6-3
Openclaw » Openclaw » Version: 2026.2.61

cpe:2.3:a:openclaw:openclaw:2026.2.61
Openclaw » Openclaw » Version: 2026.2.62

cpe:2.3:a:openclaw:openclaw:2026.2.62
Openclaw » Openclaw » Version: 2026.2.63

cpe:2.3:a:openclaw:openclaw:2026.2.63
Openclaw » Openclaw » Version: 2026.2.9

cpe:2.3:a:openclaw:openclaw:2026.2.9
Openclaw » Openclaw » Version: 2026.3.1

cpe:2.3:a:openclaw:openclaw:2026.3.1
Openclaw » Openclaw » Version: 2026.3.11

cpe:2.3:a:openclaw:openclaw:2026.3.11
Openclaw » Openclaw » Version: 2026.3.12

cpe:2.3:a:openclaw:openclaw:2026.3.12
Openclaw » Openclaw » Version: 2026.3.13

cpe:2.3:a:openclaw:openclaw:2026.3.13
Openclaw » Openclaw » Version: 2026.3.2

cpe:2.3:a:openclaw:openclaw:2026.3.2
Openclaw » Openclaw » Version: 2026.3.22

cpe:2.3:a:openclaw:openclaw:2026.3.22
Openclaw » Openclaw » Version: 2026.3.23

cpe:2.3:a:openclaw:openclaw:2026.3.23
Openclaw » Openclaw » Version: 2026.3.23-2

cpe:2.3:a:openclaw:openclaw:2026.3.23-2
Openclaw » Openclaw » Version: 2026.3.24

cpe:2.3:a:openclaw:openclaw:2026.3.24
Openclaw » Openclaw » Version: 2026.3.25

cpe:2.3:a:openclaw:openclaw:2026.3.25
Openclaw » Openclaw » Version: 2026.3.7

cpe:2.3:a:openclaw:openclaw:2026.3.7
Openclaw » Openclaw » Version: 2026.3.8

cpe:2.3:a:openclaw:openclaw:2026.3.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41363

Products

Pricing

Contact Us