OpenClaw Path Traversal Vulnerability Leading to Sensitive File Disclosure
Vulnerability
A path traversal vulnerability has been identified in OpenClaw versions prior to 2026.2.19. The issue arises in the 'stageSandboxMedia' function, which, when iMessage remote attachment fetching is enabled, accepts arbitrary absolute paths instead of restricting them to the expected iMessage attachment directories. An attacker who can manipulate attachment path metadata can use this to disclose any file readable by the OpenClaw process on the configured remote host: the file is transferred to the local environment over SCP, the same mechanism used to fetch legitimate attachments.
Impact
Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive files from the remote host to the local OpenClaw environment.
Reproduction
To reproduce this vulnerability, enable iMessage remote attachment fetching in the OpenClaw configuration. Then supply attachment path metadata that points outside the expected iMessage attachment directories, so that 'stageSandboxMedia' fetches it. Because the path is not validated against those directories, the function stages the file from outside them.
Remediation
Users should upgrade to OpenClaw version 2026.2.19 or later, which includes a patch for this vulnerability. If remote attachments are not needed, iMessage attachment ingestion can be disabled, which removes the affected code path entirely.
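The class of check that was missing in the vulnerable function, written as an added example and not OpenClaw's own code: a caller-supplied attachment path is normalised and then required to sit under an allowed attachment root, compared as a path prefix rather than a string prefix. The allowed root below is an assumed placeholder, since the page does not name the real iMessage attachment directories.

```python
import os
import posixpath
from typing import Iterable, Optional

# Assumed placeholder for the "expected iMessage attachment directories"
# the advisory refers to; the real directories are not given on the page.
ALLOWED_ATTACHMENT_ROOTS = ("/Users/example/Library/Messages/Attachments",)


def contained_attachment_path(
    candidate: str, roots: Iterable[str] = ALLOWED_ATTACHMENT_ROOTS
) -> Optional[str]:
    """Return the normalised path if it lies under an allowed root, else None.

    Rejects empty or NUL-containing input and relative paths, collapses
    '..', '.' and repeated separators, then checks containment component-wise
    so that a sibling such as '<root>-evil/x' is not accepted as a prefix match.
    """
    if not candidate or "\x00" in candidate or not posixpath.isabs(candidate):
        return None
    normalised = posixpath.normpath(candidate)
    for root in roots:
        root_n = posixpath.normpath(root).rstrip("/")
        if normalised == root_n:
            return None  # the root directory itself is not an attachment
        if normalised.startswith(root_n + "/"):
            return normalised
    return None


def contained_real_path(candidate: str, roots: Iterable[str] = ALLOWED_ATTACHMENT_ROOTS) -> Optional[str]:
    """Same check after symlink resolution, for use on a path that exists.

    normpath alone does not follow symlinks, so on a live filesystem the
    path is first resolved with os.path.realpath before containment is tested.
    """
    if not candidate or "\x00" in candidate:
        return None
    return contained_attachment_path(os.path.realpath(candidate), roots)


if __name__ == "__main__":
    # Constructed sample metadata values, not real iMessage records.
    for p in ("/Users/example/Library/Messages/Attachments/ab/cd/photo.heic",
              "/Users/example/Library/Messages/Attachments/../../../../var/data/unrelated.txt",
              "/Users/example/Library/Messages/Attachments-evil/x.png",
              "/var/data/unrelated.txt"):
        print(f"{p!r:80} -> {contained_attachment_path(p)}")
```

The demo shows one accepted path and three rejected ones (a '..' escape, a sibling-directory prefix collision and an unrelated absolute path); in a deployment the realpath variant should run on the staged file so symlinks inside the root cannot point elsewhere.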
