OpenClaw QQBot Media Tags Arbitrary File Read Vulnerability
Vulnerability
An arbitrary file read vulnerability has been identified in OpenClaw versions prior to 2026.4.10. It resides in the QQBot channel's media handling: reply text can carry media tags, and the file reference inside a tag was not confined to the designated media storage directory. A reply whose media tag references a local path outside that directory causes the bot to read the file and disclose its contents, so anyone able to influence the text of a reply can read local files on the host.
Impact
Exploitation of this vulnerability results in unauthorized disclosure of arbitrary local files on the host running OpenClaw, bounded only by what the OpenClaw process itself has permission to read. Credentials, configuration and tokens readable by that process are therefore in scope.
Reproduction
The vulnerability can be reproduced by sending a reply that includes a media tag whose reference points outside the allowed media storage directory. The reference can be an absolute path such as /etc/passwd, or a relative path that traverses upward out of the media directory with ../ segments. A vulnerable version resolves the reference without a containment check and returns the file's contents.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.10 or later. The latest version available on npm, 2026.4.14, includes the necessary fix.
