Description
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy.
Published: 2026-04-28
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: Local File Read Outside Workspace Boundaries
Action: Patch
AI Analysis

Impact

OpenClaw releases before 2026.4.8 are vulnerable to a bypass of the workspace-only filesystem policy during docx upload processing. A crafted docx submitted through the upload_file or upload_image endpoint lets the attacker read files outside the workspace directory the policy is meant to confine access to. The weakness is classified as path traversal (CWE-22), so the exposure is the confidentiality of any file the OpenClaw process can read, which may include configuration files or credentials. The CVE record describes file read only, not write access or code execution, but a leaked credential is often the first step toward both.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw), tracked under the CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*, i.e. the Node.js application. Every release before 2026.4.8 is in scope; the CNA data gives no finer version granularity.

Risk and Exploitability

The CVSS v3.1 score is 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) and the CVSS v4.0 score is 6.0; both rate the issue Medium. The vectors describe a network-reachable attack by a low-privileged (authenticated) user with no user interaction, and high confidentiality impact with no integrity or availability impact. The v4 vector additionally records attack requirements (AT:P), meaning the vector's author judged that specific conditions must hold for the attack to succeed; the CVE text does not say what they are. No EPSS score is available and the CVE is not in CISA's KEV catalog, so no exploitation in the wild was known at the time of reporting; absence from KEV is not evidence that exploitation is hard. The attack requires the attacker to get a crafted docx accepted by upload_file or upload_image, after which they can read local files reachable by the OpenClaw process. Upgrading to a fixed release is the effective mitigation.

Generated by OpenCVE AI on April 29, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround is recorded in the CVE data. The description itself names 2026.4.8 as the first release that is not affected.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.8 or newer; the CVE record lists only releases before 2026.4.8 as affected, so 2026.4.8 is the first release without the bypass.
  • If an upgrade is temporarily unavailable, limit who can reach the upload_file and upload_image endpoints. The CVSS vectors already assume a low-privileged authenticated attacker (PR:L), so "authenticated" alone is not a sufficient bar: restrict the endpoints to trusted users and, where the deployment allows it, stop accepting docx from untrusted sources. Any filesystem path derived from uploaded content should be resolved against the workspace root and rejected if the resolved path, with symlinks followed, lies outside it.
  • Review and tighten the application's filesystem policy so that the process handling uploads can reach only the intended workspace directory, and enforce that at the operating-system level as well (chroot, a container with only the workspace mounted, or a sandbox profile), so that a bypass of the application-level check still cannot read files outside the workspace.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy.
Title | | OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-22
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
        | | cvssV4_0: {'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:10:07.234Z

Reserved: 2026-04-22T15:20:49.859Z

Link: CVE-2026-41911

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:44.833

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T01:30:06Z

Weaknesses