OpenClaw Webchat Audio Embedding Local File Read Vulnerability
Vulnerability
A vulnerability allowing arbitrary local file reads has been identified in OpenClaw versions prior to 2026.4.15. The issue lies in the webchat audio embedding helper, which does not enforce a local media root containment check on the path it resolves. As a result, an attacker who can influence the 'ReplyPayload.mediaUrl' parameter can point it at an absolute local path or a file URL, have the helper read an audio-like file, and have its contents embedded as base64-encoded data in the webchat response. Because nothing restricts the resolved path to the media root, reads are not limited to intended media files and can reach sensitive files elsewhere on the filesystem.
Impact
Exploitation of this vulnerability allows unauthorized reading of local files that are accessible to the OpenClaw gateway process. Only files with audio-like extensions and below the helper's size limit are read; their contents are then embedded in the webchat media transcript.
Reproduction
To reproduce this vulnerability, first upload a file with an audio-like extension (such as .mp3) to a location accessible by the OpenClaw gateway process. Then, influence an agent or tool to produce a 'ReplyPayload' that includes a 'mediaUrl' parameter pointing to the uploaded file. The webchat audio embedding helper will resolve the local path, read the file, and embed it into the webchat response, bypassing the necessary local media root checks.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.15 or later. The latest public release, 2026.4.21, includes the fix. Before upgrading, avoid exposing webchat sessions to untrusted content that could manipulate reply media URLs.
