Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.
AnalysisAI
OpenClaw versions 2026.4.7 through 2026.4.14 fail to enforce path containment on tool-result media references, enabling attackers to craft malicious tool-result inputs that trigger arbitrary local file reads or Windows UNC path access without authentication. An attacker can disclose sensitive files or extract credentials by exploiting this path-traversal weakness in the tool-result processing logic, requiring only network access and the ability to provide crafted tool-result media parameters to an exposed endpoint.
Technical ContextAI
OpenClaw is a tool orchestration platform that processes structured tool outputs, including media references. The vulnerability stems from CWE-73 (External Control of File Name or Path), where the application constructs file access paths from user-supplied tool-result media parameters without proper validation or canonicalization. The affected versions fail to restrict path traversal sequences (e.g., '../') or reject non-local file URIs (file://, SMB/UNC paths like //server/share) in the media path field. This allows an attacker to reference files outside the intended tool-result sandbox directory, including system files (/etc/passwd, /proc/self/environ) on Unix or credential stores on Windows. The CVSS 4.0 vector indicates network attack vector (AV:N), low complexity (AC:L), attack-time availability with partial timing variance (AT:P), no authentication required (PR:N), and no user interaction (UI:N), resulting in limited confidentiality impact (VC:L) but no integrity or availability impact.
RemediationAI
Upgrade OpenClaw immediately to version 2026.4.15 or later, which contains fixes from commits 1470de5d3e0970856d86cd99336bb8ada3fe87da, 6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde, and 52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc. These patches enforce path canonicalization and rejection of non-local file references (file://, UNC, SMB paths) in tool-result media processing. If immediate upgrading is not feasible, apply network-level mitigations by restricting network access to OpenClaw endpoints from untrusted sources; however, this does not address compromise via trusted clients providing malicious tool results. Verify that the OpenClaw process runs with minimal file-system permissions-do not grant the process read access to system configuration files, credential stores, or user home directories beyond those strictly required for legitimate tool-result operations. Monitor tool-result media parameters in application logs for path-traversal patterns (../, UNC paths, file:// URIs) as a compensating control, though this may have high false-positive rates depending on legitimate tool outputs.
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23931
GHSA-qc5j-2mqx-x83q