EUVD-2026-16248
GHSA-hggm-x7r9-mm7v
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5Tags
Description
OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.
Analysis
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files including system configurations, environment files, and SSH private keys by bypassing media parsing validation functions. The vulnerability stems from incomplete path validation in isLikelyLocalPath() and isValidMedia() functions, with an allowBareFilename bypass permitting sandbox escape. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running OpenClaw versions ≤2026.3.23 and assess exposure in air-gapped or internet-facing environments. Within 7 days: Apply vendor patch from commit 4797bbc or later released version; test in non-production environment before deployment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today