Description
OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path.
Published: 2026-05-05
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions 2026.4.9 and earlier contain a sender policy bypass in the outbound host-media attachment read helper. The flaw allows an actor with read restrictions (such as toolsBySender or group policy denied access) to trigger host-media attachment loading, bypassing sender and group‑scoped permissions and reading local files from the outbound media path.

Affected Systems

The vulnerability affects the OpenClaw product from the OpenClaw vendor. Any installation of OpenClaw 2026.4.9 or earlier is susceptible; upgrading to 2026.4.10 or later removes the flaw.

Risk and Exploitability

The CVSS score of 4.9 indicates a moderate security impact. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, suggesting limited or no exploitation evidence to date. The likely attack vector is a local compromise, where a user with restricted file permissions can exploit the bypass to read files that should be protected by sender or group policy. Mitigation through an official patch is strongly recommended due to the potential for sensitive data disclosure.

Generated by OpenCVE AI on May 5, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.10 or later.
  • Review and enforce sender and group policy settings to restrict outbound host‑media attachment access.
  • Adjust file system permissions so that only authorized users can read files from the outbound media path.

Generated by OpenCVE AI on May 5, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jhpv-5j76-m56h OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
History

Tue, 05 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 05 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path.
Title OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

cvssV4_0

{'score': 4.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T14:48:23.888Z

Reserved: 2026-04-27T11:40:07.152Z

Link: CVE-2026-42438

cve-icon Vulnrichment

Updated: 2026-05-05T14:48:14.345Z

cve-icon NVD

Status : Received

Published: 2026-05-05T12:16:18.327

Modified: 2026-05-05T12:16:18.327

Link: CVE-2026-42438

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T13:00:06Z

Weaknesses