OpenClaw Cross-Channel Local File Exfiltration Vulnerability via Shared Reply MEDIA Paths
Vulnerability
A vulnerability in OpenClaw versions prior to 2026.4.8 allows for cross-channel local file exfiltration through shared reply MEDIA paths, which are improperly treated as trusted. This flaw can be exploited by crafting malicious shared reply MEDIA references that prompt another channel to access local file paths as if they were trusted, generated media.
Impact
Exploitation of this vulnerability could lead to unauthorized access and exfiltration of local file paths across different channels within the OpenClaw application.
Reproduction
To reproduce this vulnerability, create a shared reply MEDIA reference that includes a crafted local file path. When this reference is accessed in another channel, the application will treat the file path as trusted media, allowing for cross-channel file path exfiltration.
Remediation
Users can update to OpenClaw version 2026.4.8 or later to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.