CVE-2026-3689

| EUVD-2026-21619 MEDIUM
2026-04-11 zdi
6.5
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 11, 2026 - 01:00 euvd
EUVD-2026-21619
Analysis Generated
Apr 11, 2026 - 01:00 vuln.today
CVE Published
Apr 11, 2026 - 00:17 nvd
MEDIUM 6.5

Tags

Information Disclosure Path Traversal

Description

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path parameters provided to the canvas gateway endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-29312.

Analysis

Authenticated remote attackers can traverse the file system through the OpenClaw canvas gateway endpoint to disclose sensitive information due to insufficient path validation. The vulnerability affects OpenClaw across unspecified versions and requires valid user credentials; attackers operating with low-privilege accounts can read arbitrary files in the service account context. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.3
CVSS: +32
POC: 0

Share

CVE-2026-3689 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy