3 matches found
CVE-2026-33581
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
CVE-2026-33581
OpenClaw before 2026.3.24 contains a sandbox bypass in the message tool that allows reading arbitrary local files via the mediaUrl and fileUrl alias parameters, which bypass localRoots validation. Attack appears to be possible when routing file requests through unvalidated aliases to access files...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox bypass vulnerability that can be exploited by an attacker to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...