Description
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.
Published: 2026-04-28
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: Local File Exfiltration
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.4.8 propagate trusted status to shared reply MEDIA paths without validating the referenced local file locations. An attacker can craft a malicious shared reply media reference that, when resolved by another channel in the same installation, causes that channel to read a local file path as though it were a legitimate media resource. This flaw does not provide code execution but allows the disclosure of arbitrary files that the process can read, compromising confidentiality and potentially leaking sensitive data.

Affected Systems

OpenClaw versions earlier than 2026.4.8 running on Node.js are affected. The vulnerability surfaces in all deployments that use the shared reply media feature.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate impact; no EPSS score is available, and the flaw is not listed in the CISA KEV catalog, which suggests limited public exploitation. The likely attack vector is an authenticated or authorized user who sends a crafted media reference in their own channel, causing an adjacent channel to read and expose a local file. Exploitation requires that the receiving channel resolve the path without proper validation, so the attack works locally within the same instance and can leak internal data without privilege escalation.

Generated by OpenCVE AI on April 28, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.4.8 or later to eliminate the handling error that treats shared reply MEDIA paths as trusted.
  • If an upgrade is not immediately possible, configure the application to reject or sandbox shared reply media references by enforcing a strict whitelist of allowed file locations and stripping any path traversal components before resolution.
  • Audit and monitor channel logs for anomalous media reference patterns that could indicate attempts to exfiltrate local files; limit the use of shared reply media features to trusted users or disable the feature altogether in high-risk environments.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | (none) | OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.
Title | (none) | OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths
First Time appeared | (none) | Openclaw; Openclaw openclaw
Weaknesses | (none) | CWE-73
CPEs | (none) | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | (none) | Openclaw; Openclaw openclaw
References | (none) | (none)
Metrics | (none) | cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}; cvssV4_0 {'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T13:13:07.530Z

Reserved: 2026-04-27T11:38:59.195Z

Link: CVE-2026-42424

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:46.217

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-42424

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:00:13Z

Weaknesses