OpenClaw Local Roots Self-Whitelisting Vulnerability Allowing Arbitrary Host File Read

Vulnerability

A local roots self-whitelisting vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The issue resides in the 'appendLocalMediaParentRoots' function, where improper validation of media parent directories allows model-initiated reading of arbitrary host files. This vulnerability can be exploited to exfiltrate credentials and access sensitive files.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of host files, allowing attackers to access sensitive information and credentials.

Reproduction

The vulnerability can be reproduced with OpenClaw version 2026.3.28 or earlier. After setting up the application, append local media parent roots from a source that includes file URLs or top-level file paths. The 'appendLocalMediaParentRoots' function does not properly validate the resulting media parent directory, so the appended root permits arbitrary file reads from the host.

Remediation

Users can upgrade to OpenClaw version 2026.3.31 or later to address this vulnerability.

Added: Apr 28, 2026, 12:25 AM
Updated: Apr 28, 2026, 12:25 AM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact          2.5
exploitability  7.7
remediation     0.0
relevance       6.9
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.