Description
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.
Published: 2026-04-20
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions 2026.4.7 through 2026.4.14 allow attackers to supply malicious tool-result media references that bypass local-root containment checks, enabling arbitrary reads of local files or UNC network paths. The underlying weakness is external control of a file name or path (CWE-73), closely related to path traversal: an attacker-controlled reference decides which host file is opened, so sensitive data such as configuration files or credentials can be retrieved. The vulnerability does not require elevated privileges; any user able to send a crafted media reference to the application can potentially trigger the file read.

Affected Systems

The affected product is OpenClaw, a Node.js-based application. Versions before 2026.4.15, notably 2026.4.7 to 2026.4.14, are impacted. The bug exists in the media path handling module that resolves tool-result media references against the local filesystem.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, with confidentiality as the affected property (the published vector rates integrity and availability impact as none). EPSS is not available, so the likelihood of exploitation cannot be quantified, and the flaw is not listed in CISA’s KEV catalog. The attack vector is the submission of malicious media paths to the vulnerable interface, whether from a local or a remote source; no authentication is required beyond access to that interface. Given the potential to read arbitrary files, the flaw poses a tangible risk of sensitive information disclosure if employed by an adversary.

Generated by OpenCVE AI on April 20, 2026 at 20:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.4.15 or later, which removes the local-root containment bypass.
  • If an upgrade is not immediately possible, modify the media-path resolution code to verify that every tool-result media reference resolves within the application’s root directory before any file access.
  • Implement an allowlist or filter that rejects UNC paths (the \\server\share and //server/share forms) and any path that attempts to escape the intended directory structure.
  • Verify that your deployment does not expose the vulnerable interface to untrusted users or networks.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 18:15:00 +0000

Metrics (values added): ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 18:00:00 +0000

Description (values added): OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.
Title (values added): OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths
First Time appeared (values added): vendor Openclaw, product openclaw
Weaknesses (values added): CWE-73
CPEs (values added): cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products (values added): vendor Openclaw, product openclaw
References:
Metrics (values added):
cvssV3_1
{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N'}
cvssV4_0
{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-20T18:05:03.103Z

Reserved: 2026-04-20T14:13:45.348Z

Link: CVE-2026-41389

Vulnrichment

Updated: 2026-04-20T18:04:55.730Z

NVD

Status : Awaiting Analysis

Published: 2026-04-20T18:16:27.980

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-41389

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T20:45:16Z

Weaknesses