Description
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read in Host Temporary Directory
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandboxed media handling. Attackers can supply malicious media references that resolve to absolute paths within the host’s temporary directory but outside the intended sandbox root. The flaw allows reading and exfiltrating arbitrary files from that temporary directory, compromising confidentiality and potentially exposing sensitive data. The weakness is classified as CWE‑22 (Path Traversal).

Affected Systems

The vulnerability affects the OpenClaw application (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*). All releases dated before 2026.2.24 are impacted; upgrading to 2026.2.24 or later removes the flaw.

Risk and Exploitability

The CVSS base score is 7.1, indicating a high risk. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker sending a crafted media attachment to the application, which leads to the sandbox incorrectly resolving the path and reading host files. Because the flaw exploits local temporary directories, it may be easier for an attacker who can interact with the application’s media processing features.

Generated by OpenCVE AI on March 19, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.24 or later
  • Verify that the application’s temporary directory permissions are restricted to the application user
  • Implement strict validation of media attachment paths to prevent traversal outside the sandbox
  • Apply any vendor‑supplied patches or security updates as soon as they become available
  • Monitor for any unauthorized file read attempts in system logs

Generated by OpenCVE AI on March 19, 2026 at 23:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-33hm-cq8r-wc49 Temporary path handling could write outside OpenClaw temp boundary
History

Fri, 20 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.
Title OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-22
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-20T20:10:43.633Z

Reserved: 2026-03-10T19:48:40.709Z

Link: CVE-2026-32026

cve-icon Vulnrichment

Updated: 2026-03-20T20:10:40.421Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T22:16:37.510

Modified: 2026-03-23T17:13:41.837

Link: CVE-2026-32026

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T10:44:26Z

Weaknesses