OpenClaw Local File Inclusion Vulnerability in Media Path Validation
Vulnerability
A local file inclusion vulnerability has been identified in OpenClaw versions through 2026.1.29. The issue arises in the 'isValidMedia()' function within 'src/media/parse.ts', which improperly validates file paths. This flaw allows agents to specify arbitrary file paths, including absolute paths, home directory paths, and directory traversal sequences. By exploiting this vulnerability, an agent can read any file accessible to the user under which the agent is running. The exfiltrated data is sent to the user or channel, potentially leaking sensitive information such as SSH keys, cloud credentials, API keys, and critical system files. The vulnerability has been patched in version 2026.1.30.
Impact
Exploitation of this vulnerability allows arbitrary file read access, enabling the exfiltration of sensitive data such as SSH keys, cloud credentials, API keys, and critical system files.
Reproduction
To reproduce this vulnerability, an agent can output a 'MEDIA:' command followed by a file path that takes advantage of the lax validation. Paths can include absolute references, home directory shortcuts, or traversal sequences that access sensitive files. The contents of the specified file will be read and sent to the agent's user or channel.
Remediation
Users should update to OpenClaw version 2026.1.30 or later, where this vulnerability has been fixed.
