15 matches found
CVE-2026-43532
OpenClaw 2026.4.7
GHSA-C9H3-5P7R-MRJH OpenClaw: Discord event cover images bypassed sandbox media normalization
Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...
PT-2026-37017
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.7 through 2026.4.9 Description Failure to normalize Discord event cover image parameters in sandbox media processing allows attackers to bypass media normalization. This enables the injection of host-local media...
EUVD-2026-21482
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
CVE-2026-31990
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...
CVE-2026-32026
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...
CVE-2026-32030
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...
CVE-2026-32903
CVE-2026-32903 affects OpenClaw up to version 2026.3.2. A symlink traversal in stageSandboxMedia allows an attacker to follow unvalidated destination paths in media/inbound writes and overwrite host files outside the sandbox boundary. The issue is locally exploitable with low attack complexity an...
CVE-2026-32026
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...
CVE-2026-32026
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...
CVE-2026-32030 OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...
EUVD-2026-13300
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...
CVE-2026-32026
The CVE-2026-32026 issue affects OpenClaw before version 2026.2.24, where improper path validation in sandbox media handling permits access to absolute paths under the host temporary directory outside the active sandbox root. Exploitation via malicious media references in attachment delivery can ...
CVE-2026-31990
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...