Description
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots.
Published: 2026-04-23
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data access
Action: Patch Now
AI Analysis

Impact

The vulnerability in OpenClaw prior to version 2026.4.20 allows trusted‑proxy callers lacking operator.read scope to bypass scope enforcement in the assistant‑media route. This bypass permits retrieval of protected media content that resides within the allowed media roots, thereby exposing sensitive data that should be restricted by scope validation. The weakness corresponds to CWE‑863: Scope Validation Error and is rated a low overall CVSS score of 2.3, indicating a limited impact but still a legitimate risk to confidentiality.

Affected Systems

OpenClaw OpenClaw software before 2026.4.20 is affected. Any installation using a version earlier than 2026.4.20 running the assistant‑media route is vulnerable.

Risk and Exploitability

The EPSS score is less than 1 %, suggesting a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to require a trusted‑proxy caller; attackers can impersonate or compromise such a caller to exploit the bounded remediation path. The attack path relies on the existing identity-bearing HTTP authentication, which is bypassed by the route’s scope validation flaw. Although the likelihood is low, the vulnerability grants unauthorized access to sensitive media resources.

Generated by OpenCVE AI on April 28, 2026 at 14:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OpenClaw version 2026.4.20 or newer to fix the scope‑enforcement bypass.
  • Ensure that trusted‑proxy callers are authenticated and possess the required operator.read scope before accessing the assistant‑media endpoints.
  • Review the assistant‑media route configuration to enforce strict scope validation and reject any request that lacks the proper scope.

Generated by OpenCVE AI on April 28, 2026 at 14:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-v8qf-fr4g-28p2 OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
History

Thu, 23 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots.
Title OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-23T18:25:54.078Z

Reserved: 2026-04-22T15:20:49.859Z

Link: CVE-2026-41908

cve-icon Vulnrichment

Updated: 2026-04-23T18:25:49.028Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T18:16:29.543

Modified: 2026-04-28T19:41:00.513

Link: CVE-2026-41908

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T15:00:14Z

Weaknesses