Description
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.
Published: 2026-04-10
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Read arbitrary files from other agents’ workspaces
Action: Patch
AI Analysis

Impact

OpenClaw before version 2026.3.24 contains a path traversal flaw in sandbox enforcement. Unnormalized mediaUrl or fileUrl parameters are accepted without proper validation, and the sandbox lacks a mediaLocalRoots context. This allows an attacker to read files outside the intended sandbox, including sensitive API keys and configuration data, resulting in a breach of confidentiality. The weakness is classified as CWE-22.

Affected Systems

Vulnerable systems are installations of OpenClaw using any version prior to 2026.3.24. The affected component is the sandbox media handling module in the OpenClaw application.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating high severity. No EPSS data is available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is an HTTP request to a sandboxed agent with crafted mediaUrl or fileUrl parameters; the attacker must have network access to the agent to execute the exploit. Given the lack of additional constraints in the description, exploitation is considered feasible for a user with access to the target asset.

Generated by OpenCVE AI on April 10, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the OpenClaw update to version 2026.3.24 or later to eliminate the path traversal risk.

Tracking

Advisories
Source: GitHub GHSA
ID: GHSA-hr5v-j9h9-xjhg
Title: OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)
History

Fri, 10 Apr 2026 19:15:00 +0000

Values added:

  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 16:30:00 +0000

Values added:

  • Description: OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.
  • Title: OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
  • First Time appeared: Openclaw, Openclaw openclaw
  • Weaknesses: CWE-22
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw, Openclaw openclaw
  • References: (none listed)
  • Metrics (cvssV3_1): {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}
  • Metrics (cvssV4_0): {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T18:27:23.337Z

Reserved: 2026-04-04T12:32:50.476Z

Link: CVE-2026-35668

Vulnrichment

Updated: 2026-04-10T18:27:01.033Z

NVD

Status: Analyzed

Published: 2026-04-10T17:17:09.060

Modified: 2026-04-13T20:43:10.547

Link: CVE-2026-35668

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:00:34Z

Weaknesses