Description
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.
Published: 2026-03-31
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized media download leading to data exposure and disk writes.
Action: Apply patch
AI Analysis

Impact

OpenClaw versions prior to 2026.3.28 lack validation of sender authorization for inbound media sent via Zalo channels. As a result, an unauthenticated or unauthorized sender can trigger the application to fetch media from arbitrary URLs and store the returned data on disk. The data is stored even though the originating message is rejected, effectively allowing an attacker to cause unsolicited network requests and write arbitrary content to the media store, potentially leaking sensitive information or overwriting critical files.

Affected Systems

Current users of OpenClaw running any version earlier than 2026.3.28 are susceptible to this flaw. The vulnerability applies to the standard OpenClaw distribution on all platforms where the Zalo channel integration is enabled.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate to high risk. Although EPSS data is unavailable and the issue is not listed in KEV, the lack of authorization checks means the flaw can be exploited by sending crafted messages through the Zalo channel. The attack vector is inferred to be through Zalo channel messages that are processed by the OpenClaw service; an attacker only needs to send a manipulated message to trigger the download. The potential impact includes unauthorized data exposure, unauthorized disk writes, and possible denial of service through resource exhaustion.

Generated by OpenCVE AI on March 31, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.28 or later, which validates sender authorization for inbound media.
  • If an upgrade cannot be performed immediately, block or filter inbound Zalo channel messages from untrusted or unauthenticated senders at the network or application level.
  • Verify that the media store write permissions are restricted and that only authenticated media requests can write to the storage location.
  • Monitor application logs for rejected messages that are still resulting in network fetches or disk writes, and investigate any anomalies.
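The ordering defect behind this advisory (media fetched and stored, then the sender rejected) and the corrected ordering are shown below as an added illustration in Node.js; this is not OpenClaw's code, and the function names, the sender allow-list, the fake transport/media store and the key=value log format are all assumptions. The last function implements the log check from the recommendations above: it lists message ids that were rejected but still produced a fetch or a write.

```javascript
// Added example, not OpenClaw's code: shows the ordering defect behind
// CWE-863 as described for versions before 2026.3.28 (fetch and store media,
// then reject the sender) next to the corrected ordering (reject first), plus
// a log check for rejected messages that still caused fetches or writes.
// All function names, the allow-list and the log format are assumptions.

// Constructed allow-list standing in for whatever sender policy a deployment uses.
const ALLOWED_SENDERS = new Set(['sender-allowed-1']);

function isAuthorizedSender(msg) {
  return ALLOWED_SENDERS.has(msg.senderId);
}

// Fake transport and media store: they record side effects instead of
// touching the network or disk, so the ordering difference is observable.
function makeEnv() {
  const env = { fetched: [], written: [] };
  env.fetchMedia = (url) => { env.fetched.push(url); return `bytes-from:${url}`; };
  env.writeMedia = (name, bytes) => { env.written.push({ name, size: bytes.length }); };
  return env;
}

function storeInboundMedia(msg, env) {
  const bytes = env.fetchMedia(msg.mediaUrl);
  env.writeMedia(`${msg.id}.bin`, bytes);
}

// Vulnerable ordering: the media store is touched before the sender is checked,
// so an unauthorized sender still causes a fetch and a write.
function vulnerableHandle(msg, env) {
  if (msg.mediaUrl) storeInboundMedia(msg, env);
  if (!isAuthorizedSender(msg)) return { accepted: false, reason: 'unauthorized sender' };
  return { accepted: true };
}

// Hardened ordering: authorization is decided before any network or disk activity.
function hardenedHandle(msg, env) {
  if (!isAuthorizedSender(msg)) return { accepted: false, reason: 'unauthorized sender' };
  if (msg.mediaUrl) storeInboundMedia(msg, env);
  return { accepted: true };
}

// Constructed key=value log lines in an assumed format, one event per line.
const SAMPLE_LOG = [
  'msg=m1 sender=sender-allowed-1 event=fetch url=https://example.invalid/a.jpg',
  'msg=m1 sender=sender-allowed-1 event=write path=media/m1.bin',
  'msg=m1 sender=sender-allowed-1 event=accept',
  'msg=m2 sender=sender-unknown event=fetch url=https://example.invalid/b.jpg',
  'msg=m2 sender=sender-unknown event=write path=media/m2.bin',
  'msg=m2 sender=sender-unknown event=reject reason=unauthorized',
  'msg=m3 sender=sender-unknown event=reject reason=unauthorized',
];

function parseLogLine(line) {
  const fields = {};
  for (const token of line.trim().split(/\s+/)) {
    const eq = token.indexOf('=');
    if (eq > 0) fields[token.slice(0, eq)] = token.slice(eq + 1);
  }
  return fields;
}

// Returns ids of messages that were rejected but still produced a fetch or write:
// exactly the pattern the pre-fix ordering leaves behind in the logs.
function findRejectedWithSideEffects(lines) {
  const byMsg = new Map();
  for (const line of lines) {
    const f = parseLogLine(line);
    if (!f.msg || !f.event) continue;
    const rec = byMsg.get(f.msg) || { rejected: false, sideEffects: 0 };
    if (f.event === 'reject') rec.rejected = true;
    if (f.event === 'fetch' || f.event === 'write') rec.sideEffects += 1;
    byMsg.set(f.msg, rec);
  }
  return [...byMsg].filter(([, r]) => r.rejected && r.sideEffects > 0).map(([id]) => id);
}

// Stand-alone demonstration with one unauthorized message.
const unauthorized = { id: 'm2', senderId: 'sender-unknown', mediaUrl: 'https://example.invalid/b.jpg' };
const before = makeEnv();
const after = makeEnv();
console.log('vulnerable:', vulnerableHandle(unauthorized, before),
  `fetches=${before.fetched.length} writes=${before.written.length}`);
console.log('hardened:', hardenedHandle(unauthorized, after),
  `fetches=${after.fetched.length} writes=${after.written.length}`);
console.log('rejected messages with side effects:', findRejectedWithSideEffects(SAMPLE_LOG));
```

With the hardened ordering an unauthorized message produces neither a fetch nor a write, which is also what the log check should report as an empty list once a patched version is in place; any non-empty result after upgrading points at another code path that still stores media before the authorization decision.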



Advisories
Source: Github GHSA
ID: GHSA-v2v2-f783-358j
Title: OpenClaw: Zalo channel downloads media before sender authorization
History

Tue, 31 Mar 2026 18:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Tue, 31 Mar 2026 14:30:00 +0000

Type: Description
Values Added: OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.

Type: Title
Values Added: OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

Type: First Time appeared
Values Added: Openclaw, Openclaw openclaw

Type: Weaknesses
Values Added: CWE-863

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw, Openclaw openclaw

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T17:41:49.196Z

Reserved: 2026-03-23T11:00:48.408Z

Link: CVE-2026-33576

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-31T15:16:14.327

Modified: 2026-04-01T19:19:24.363

Link: CVE-2026-33576

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:29Z

Weaknesses