4 matches found

RedhatCVE
added 2026/03/26 3:1 p.m., 4 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

CVSS 7.1, AI score 5.9, EPSS 0.00372
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/18 1:34 a.m., 6 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

CVSS 7.1, AI score 5.9, EPSS 0.00372
Exploits: 0, References: 4

CVE
added 2026/03/18 1:34 a.m., 21 views

CVE-2026-27522

OpenClaw before 2026.2.24 contains a local media root bypass in sendAttachment and setGroupIcon when sandboxRoot is unset, allowing hydration of media from local absolute paths to read arbitrary host files accessible by the runtime user. Affected product: OpenClaw; vulnerable components: media ha...

CVSS 7.1, AI score 5.9, EPSS 0.00372
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/03/18 1:34 a.m., 5 views

CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

CVSS 7.1, AI score 5.9, EPSS 0.00372
Exploits: 0, References: 3