Description
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the OpenClaw process on the configured remote host via SCP.
Published: 2026-03-19
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive File Disclosure via Path Traversal
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability (CWE-22) in the stageSandboxMedia function. When iMessage remote attachment fetching is enabled, the function accepts an arbitrary absolute path taken from the attachment metadata and uses it as the SCP source without confining it to the attachment location. An attacker who can tamper with that metadata can therefore make the OpenClaw process fetch, and so disclose, any file it can read on the configured remote host. The effect is loss of confidentiality; the advisory describes no integrity or availability impact.

Affected Systems

The vulnerability affects installations of OpenClaw (vendor OpenClaw, product OpenClaw) running any version earlier than 2026.2.19. The affected software is identified by the Common Platform Enumeration string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*, and the path traversal flaw exists in the core stageSandboxMedia logic that handles iMessage remote attachments.

Risk and Exploitability

The CVSS 4.0 base score is 8.2 (High); the AT:P component of its vector records the attack requirement that iMessage remote attachment fetching be enabled. The CVSS 3.1 score was raised from 5.9 to 7.5 on 25 March 2026 when attack complexity was reassessed from High to Low. The EPSS score is below 1% (very low), and the issue is not listed in the CISA KEV catalog. Exploitation requires that the attacker can modify the attachment path metadata; once that is possible no privilege or user interaction is needed (PR:N, UI:N), and the OpenClaw process fetches the attacker-chosen file from the remote host over SCP. The C:H/I:N/A:N components match the described effect: confidentiality loss of any file the process can read on that host, with no integrity or availability impact.

Generated by OpenCVE AI on March 20, 2026 at 00:35 UTC.

Remediation

No vendor fix or workaround is recorded in the remediation field; the CVE description identifies 2026.2.19 as the first unaffected version.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.19 or later, the first version the description lists as unaffected
  • If an immediate update is not possible, disable iMessage remote attachment fetching in OpenClaw settings; the vulnerable code path is reachable only when that feature is enabled
  • Run the SCP fetch under a dedicated low-privilege account on the remote host whose file access is confined to the attachment directory, so that a traversed path still cannot reach other files
  • Monitor OpenClaw logs for attachment fetches whose source path is absolute or lies outside the expected attachment directory

Generated by OpenCVE AI on March 20, 2026 at 00:35 UTC.


Advisories

Source: GitHub GHSA
ID: GHSA-x9cf-3w63-rpq9
Title: OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
History

Wed, 25 Mar 2026 15:00:00 +0000

  Metrics (cvssV3_1)
    Removed: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
    Added:   {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Fri, 20 Mar 2026 15:15:00 +0000

  Metrics (ssvc)
    Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 22:15:00 +0000

  Description
    Added: OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the OpenClaw process on the configured remote host via SCP.
  Title
    Added: OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal
  First Time appeared
    Added: Openclaw (vendor); Openclaw openclaw (product)
  Weaknesses
    Added: CWE-22
  CPEs
    Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Vendors & Products
    Added: Openclaw (vendor); Openclaw openclaw (product)
  References
  Metrics (cvssV3_1)
    Added: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  Metrics (cvssV4_0)
    Added: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:29:27.534Z

Reserved: 2026-03-10T19:48:43.186Z

Link: CVE-2026-32030

Vulnrichment

Updated: 2026-03-20T14:54:07.672Z

NVD

Status: Modified

Published: 2026-03-19T22:16:38.340

Modified: 2026-03-25T15:16:45.980

Link: CVE-2026-32030

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T10:44:23Z

Weaknesses