Description
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.
Published: 2026-05-05
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.4.10 allow an attacker to read any file on the host that lies outside the intended media storage directory. The flaw stems from insecure handling of QQBot media tags in reply text, where a crafted tag can reference host-local file paths, causing the server to retrieve and disclose the file contents. This can expose sensitive configuration files, credentials, or other confidential data stored on the system, potentially compromising confidentiality and integrity. The core weakness is a classic path traversal flaw, categorized as CWE-23.

Affected Systems

The vulnerability impacts installations of the OpenClaw application with versions older than 2026.4.10. All affected deployments that enable QQBot media tags are susceptible, regardless of the underlying operating system, as the flaw resides in application code.

Risk and Exploitability

The CVSS score of 8.9 classifies the issue as high severity. Because the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, there is currently no evidence of widespread exploitation. The likely attack vector is remote message injection, where an attacker sends a malicious QQBot media tag from another user or external source. If the server processes replies from any authenticated or unauthenticated channel, the vulnerability can be triggered without local privileges and does not require additional exploitation conditions beyond the ability to send a message containing the crafted tag.

Generated by OpenCVE AI on May 5, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.4.10 or newer to apply the patch that prevents path traversal in QQBot media tags.
  • Until the upgrade is applied, disable QQBot media tags or block media handling routes that process external input to eliminate the attack surface.
  • Review and tighten file-system permissions for the media storage directory, ensuring that only the application process can read/write, and validate all file paths before accessing disk.



Advisories

Source: GitHub GHSA
ID: GHSA-66r7-m7xm-v49h
Title: OpenClaw: QQBot media tags could read arbitrary local files through reply text
History

Tue, 05 May 2026 11:45:00 +0000

Values added in this change, by type (no values were removed):

Description: OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.
Title: OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags
First Time appeared: Openclaw; Openclaw openclaw
Weaknesses: CWE-23
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw; Openclaw openclaw
References: (none)
Metrics:
  cvssV3_1: {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}
  cvssV4_0: {'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T11:25:05.764Z

Reserved: 2026-05-01T16:56:19.947Z

Link: CVE-2026-43533

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-05T12:16:19.610

Modified: 2026-05-05T12:16:19.610

Link: CVE-2026-43533

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T13:30:25Z

Weaknesses