CVE-2026-27522

Sažetak

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user.

Reference

https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51
https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

18-03-2026 - 02:16

Objavljeno

18-03-2026 - 02:16