OpenClaw Local Media Root Bypass Vulnerability in Message Actions

Vulnerability

A local media root bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.24. This vulnerability exists in the 'sendAttachment' and 'setGroupIcon' message actions when the 'sandboxRoot' is unset. Attackers can exploit this issue by using local absolute paths to access and read arbitrary files on the host system that are accessible by the runtime user.

Impact

Exploitation of this vulnerability could lead to arbitrary file read on the host system.

Reproduction

The vulnerability can be reproduced by sending a message action that includes a media attachment or group icon, while omitting the 'sandboxRoot' parameter. This will trigger the action's media hydration process, which will bypass local root checks and allow access to arbitrary files via absolute paths.
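As an added illustration (not OpenClaw's code), the Python below contrasts a media-path containment check that is silently skipped when no root is configured, the failure mode this advisory describes, with a version that fails closed; the constant `SANDBOX_ROOT`, the handler names and the sample paths are constructed for the example.

```python
import os
from typing import Optional

# Constructed sample configuration (not from OpenClaw): where local media may live.
SANDBOX_ROOT = "/srv/openclaw/media"


def _resolve_under(root: str, media_ref: str) -> Optional[str]:
    """Return the real path of media_ref if it stays inside root, else None.

    realpath() normalises '..' segments and follows symlinks, so a reference
    that only lexically looks contained is still caught. Note that os.path.join
    discards the root when media_ref is absolute, so absolute refs are checked too.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, media_ref))
    if candidate != real_root and not candidate.startswith(real_root + os.sep):
        return None
    return candidate


def hydrate_media_weak(media_ref: str, sandbox_root: Optional[str]) -> str:
    """Weak pattern: with no sandbox root configured the containment check is
    skipped entirely, so any path readable by the runtime user is accepted."""
    if sandbox_root is None:
        return os.path.realpath(media_ref)  # no root -> no check (the flaw)
    resolved = _resolve_under(sandbox_root, media_ref)
    if resolved is None:
        raise PermissionError(f"media path escapes sandbox root: {media_ref!r}")
    return resolved


def hydrate_media_strict(media_ref: str, sandbox_root: Optional[str]) -> str:
    """Hardened pattern: fail closed. A missing root refuses all local refs,
    absolute refs are never accepted, and the normalised path must stay under root."""
    if not sandbox_root:
        raise PermissionError("no sandbox root configured; local media refs refused")
    if os.path.isabs(media_ref):
        raise PermissionError(f"absolute local media paths are not allowed: {media_ref!r}")
    resolved = _resolve_under(sandbox_root, media_ref)
    if resolved is None:
        raise PermissionError(f"media path escapes sandbox root: {media_ref!r}")
    return resolved


def outcome(handler, media_ref: str, sandbox_root: Optional[str]) -> str:
    """Run a handler and report 'allowed' or 'rejected' for side-by-side comparison."""
    try:
        handler(media_ref, sandbox_root)
        return "allowed"
    except PermissionError:
        return "rejected"
```

Running `outcome()` for both handlers with `sandbox_root=None` and a constructed absolute path such as `/home/runtime-user/notes.txt` shows the weak handler accepting it and the strict one refusing it.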

Remediation

Users are advised to upgrade to OpenClaw version 2026.2.24 or later.

Added: Mar 18, 2026, 2:25 AM
Updated: Mar 18, 2026, 2:25 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 4.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.