CVE-2026-32846

OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.

Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

31 Mar 2026, 21:40

Type: First Time
  Values Added:   Openclaw openclaw
                  Openclaw

Type: CVSS
  Values Removed: v2 : unknown; v3 : unknown
  Values Added:   v2 : unknown; v3 : 7.5

Type: CPE
  Values Added:   cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: References
  Values Removed: https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37 (no tags)
  Values Added:   https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37 - Patch

Type: References
  Values Removed: https://github.com/openclaw/openclaw/pull/54642 (no tags)
  Values Added:   https://github.com/openclaw/openclaw/pull/54642 - Exploit, Issue Tracking, Vendor Advisory

Type: References
  Values Removed: https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r (no tags)
  Values Added:   https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r - Broken Link

Type: References
  Values Removed: https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read (no tags)
  Values Added:   https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read - Third Party Advisory

27 Mar 2026, 15:16

Type: References
  Values Removed: https://github.com/openclaw/openclaw/pull/54642 (no tags)
  Values Added:   https://github.com/openclaw/openclaw/pull/54642 (no tags)

Type: Summary
  Values Added:
  • (es) OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit the incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in the disclosure of sensitive information, including system files, environment files and SSH keys.

26 Mar 2026, 17:16

Type: New CVE

Information

Published : 2026-03-26 17:16

Updated : 2026-03-31 21:40


NVD link : CVE-2026-32846

Mitre link : CVE-2026-32846

CVE.ORG link : CVE-2026-32846


Products Affected

openclaw

  • openclaw

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')