3 matches found
CVE-2026-42424
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
CVE-2026-42424 OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...
GHSA-QQQ7-4HXC-X63C OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration
Impact Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration. A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media. OpenClaw is a user-controlled local assistant. This advisory is...