Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 1:34 a.m.10 views

EUVD-2026-12732

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.7 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References4
CVE
CVE
added 2026/03/18 1:34 a.m.24 views

CVE-2026-27522

OpenClaw before 2026.2.24 contains a local media root bypass in sendAttachment and setGroupIcon when sandboxRoot is unset, allowing hydration of media from local absolute paths to read arbitrary host files accessible by the runtime user. Affected product: OpenClaw; vulnerable components: media ha...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.5 views

CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/02 11:34 p.m.10 views

OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...

7.1CVSS6AI score0.00372EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder