Skip to main content

OpenClaw EUVDEUVD-2026-27275

| CVE-2026-43532 MEDIUM
Incomplete List of Disallowed Inputs (CWE-184)
2026-05-05 VulnCheck
4.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 05, 2026 - 12:37 NVD
HIGH MEDIUM
CVSS changed
May 05, 2026 - 12:37 NVD
7.7 (HIGH) 4.9 (MEDIUM)
Source Code Evidence Fetched
May 05, 2026 - 12:19 vuln.today
Analysis Generated
May 05, 2026 - 12:19 vuln.today

DescriptionCVE.org

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

AnalysisAI

Path traversal in OpenClaw npm package allows authenticated attackers to expose confidential host-local files via Discord event cover image parameters. Versions 2026.4.7 through 2026.4.9 fail to normalize Discord event cover image paths through sandbox media processing, enabling attackers with low-privilege Discord bot credentials to bypass media sandboxing and inject host-local file references (e.g., file:///workspace/assets/event-cover.png) into channel actions expecting normalized media. This results in high confidentiality impact with scope change, as local filesystem paths outside the intended sandbox can be accessed. Vendor-released patch available (2026.4.10+). No active exploitation confirmed (not in CISA KEV), but public exploit code exists via GitHub commit and advisory.

Technical ContextAI

OpenClaw is an npm package providing Discord bot integration capabilities. The vulnerability stems from CWE-184 (Incomplete List of Disallowed Inputs), where the sandbox media normalization function checked only specific parameter keys ('media', 'path', 'filePath', 'mediaUrl', 'fileUrl') but omitted the 'image' parameter used by Discord's eventCreate API. When processing Discord event cover images, the code failed to rewrite file:// URIs pointing to host-local paths into sandbox-rooted paths. This allowed an attacker to craft Discord event creation requests with 'image' parameters containing absolute filesystem paths that would bypass the normalization routine and reach downstream channel action handlers expecting only sandboxed media references. The fix adds 'image' to the SANDBOX_MEDIA_PARAM_KEYS allowlist and includes test coverage for the event-create media path, ensuring all user-controllable media parameters undergo path rewriting before reaching sensitive file operations.

RemediationAI

Upgrade to OpenClaw version 2026.4.10 or newer immediately. The vendor-released patch is confirmed in stable tag v2026.4.10, with the latest npm release 2026.4.14 already including the fix. Update via npm with 'npm install openclaw@latest' or specify 'openclaw@^2026.4.10' in package.json dependencies. The fix commit 979c6f09d6fad96596feb91c905934be7e0b4f15 (PR #64377) adds 'image' to the SANDBOX_MEDIA_PARAM_KEYS array, ensuring Discord event cover images undergo the same path normalization as other media parameters. If immediate upgrade is not feasible, implement compensating controls: (1) Restrict Discord bot permissions to prevent event creation capabilities - this eliminates the attack vector but breaks event management functionality; (2) Deploy OpenClaw bot processes in isolated containers with read-only filesystem mounts for workspace directories, limiting exposure of sensitive files - adds operational overhead and may impact legitimate media operations; (3) Implement application-layer input validation to reject file:// URIs in all Discord API parameters before they reach OpenClaw - requires code changes and thorough testing of all media workflows. None of these workarounds are preferable to the vendor patch. Refer to GitHub advisory https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh and patch commit https://github.com/openclaw/openclaw/commit/979c6f09d6fad96596feb91c905934be7e0b4f15 for full technical details.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-27275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy