Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.5 views

CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.7 views

CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/02 11:34 p.m.5 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the sendAttachment and setGroupIcon message actions when sandboxRoot is unset. An attacker can read arbitrary files accessible to the runtime user by triggering...

8.7CVSS6.5AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder