CVE-2026-27522

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user.
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

18 Mar 2026, 20:05

Type: First Time
  Values Added: Openclaw openclaw; Openclaw

Type: References
  Values Removed: https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51 (no tags)
  Values Added: https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51 - Patch

Type: References
  Values Removed: https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm (no tags)
  Values Added: https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm - Patch, Vendor Advisory

Type: References
  Values Removed: https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions (no tags)
  Values Added: https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions - Third Party Advisory

Type: CPE
  Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

18 Mar 2026, 14:52

Type: Summary
  Values Added:
  • (es) OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in the sendAttachment and setGroupIcon message actions when sandboxRoot is not configured. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible to the runtime user.

18 Mar 2026, 02:16

Type: New CVE

Information

Published : 2026-03-18 02:16

Updated : 2026-03-18 20:05


NVD link : CVE-2026-27522

Mitre link : CVE-2026-27522

CVE.ORG link : CVE-2026-27522


Products Affected

openclaw

  • openclaw
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')