CVE-2026-32026
MEDIUM
GHSA-33hm-cq8r-wc49
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Tags
Description
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.
Analysis
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability (CWE-22: Path Traversal) in sandbox media handling that allows attackers with low privileges to read and exfiltrate arbitrary files from the host temporary directory. An authenticated attacker can exploit this by crafting malicious media references delivered through attachment mechanisms, bypassing sandbox isolation to access sensitive files outside the intended sandbox root. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review file handling controls.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today