9 matches found
EUVD-2026-29141
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
CVE-2026-44996
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
CVE-2026-44996 OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
CVE-2026-44996
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
CVE-2026-44996
OpenClaw vulnerability CVE-2026-44996 affects versions before 2026.4.15. The webchat audio embedding helper fails local media root containment checks, allowing an attacker to influence ReplyPayload.mediaUrl to resolve absolute local paths or file URLs, read audio-like files, and embed them base64...
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained a path traversal vulnerability. This vulnerability stemmed from the webchat audio embedding assistant’s failure to apply a check for the inclusion of the local medi...
PT-2026-39685
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
GHSA-GFG9-5357-HV4C OpenClaw: Webchat audio embedding could read local files without local-root containment
Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...
OpenClaw: Webchat audio embedding could read local files without local-root containment
Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...