
9 matches found

Vulnrichment
added 2026/03/26 4:36 p.m. | 0 views

CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

CVSS 8.7 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/26 12:0 a.m. | 0 views

PT-2026-28443

Name of the Vulnerable Software and Affected Versions: OpenClaw versions through 2026.3.23. Description: The software contains a path traversal issue in media parsing. This allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. The...

CVSS 8.7 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 10
CNVD
added 2026/02/10 12:0 a.m. | 1 views

OpenClaw Information Disclosure Vulnerability

OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...

CVSS 6.5 | AI score 5.8 | EPSS 0.00124
Exploits: 1 | References: 1
Tenable Nessus
added 2026/02/10 12:0 a.m. | 3 views

OpenClaw < 2026.1.30 Path Traversal (GHSA-r8g4-86fx-92mq)

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.30. It is, therefore, affected by a path traversal vulnerability:

- The isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory...

CVSS 6.5 | AI score 6.2 | EPSS 0.00124
Exploits: 1 | References: 2
NVD
added 2026/02/04 8:16 p.m. | 2 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5 | EPSS 0.00124
Exploits: 1 | References: 1
ATTACKERKB
added 2026/02/04 7:55 p.m. | 3 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5 | AI score 5.5 | EPSS 0.00124
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/02/04 7:55 p.m. | 4 views

EUVD-2026-5363

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5 | AI score 5.5 | EPSS 0.00124
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/04 12:0 a.m. | 4 views

PT-2026-6291

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.30. Description: OpenClaw is a personal AI assistant. The isValidMedia function in src/media/parse.ts allows arbitrary file paths, including absolute paths, home directory paths, and directory traversal sequence...

CVSS 6.5 | AI score 5.7 | EPSS 0.00124
Exploits: 1 | References: 12
CNNVD
added 2026/02/04 12:0 a.m. | 2 views

OpenClaw Information Disclosure Vulnerability

OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...

CVSS 6.5 | AI score 6 | EPSS 0.00124
Exploits: 1 | References: 1