CVE-2026-25475
Severity: MEDIUM
OpenClaw < 2026.1.30 - Unauthenticated Arbitrary File Read via MEDIA Path Traversal
Title source: llmDescription
OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts accepts arbitrary file paths, including absolute paths, home-directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.
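As an added illustration (not OpenClaw's code or its actual fix), the check below shows the shape of a hardened validator for agent-emitted MEDIA: paths: it rejects the three shapes the advisory names (absolute paths, "~" home paths, ".." traversal) and then confirms the canonicalised path still lies under an allow-listed root. MEDIA_ROOT, isValidMedia and extractMediaPath are assumed names for this example.

```typescript
import * as path from "path";

// Assumed allow-listed directory for agent-emitted media (placeholder, not an OpenClaw setting).
const MEDIA_ROOT = "/srv/openclaw/media";

// Returns true only when `candidate` is a relative path that stays inside `root`.
// Rejects absolute paths, "~" home paths and ".." segments up front, then re-checks
// the canonicalised result so encoded or nested traversal cannot slip past the string checks.
function isValidMedia(candidate: string, root: string = MEDIA_ROOT): boolean {
  // Empty input or an embedded NUL byte (which truncates paths in native calls) is never valid.
  if (!candidate || candidate.includes("\0")) return false;
  // Absolute paths and home-directory shorthand are rejected outright.
  if (path.isAbsolute(candidate) || candidate.startsWith("~")) return false;
  // Any ".." segment is rejected, whichever separator style is used.
  if (candidate.split(/[\\/]+/).some((seg) => seg === "..")) return false;
  // Canonicalise and require the result to be strictly below the media root;
  // the trailing separator in the prefix keeps "/srv/openclaw/media2" from matching.
  const rootAbs = path.resolve(root);
  const resolved = path.resolve(rootAbs, candidate);
  return resolved.startsWith(rootAbs + path.sep);
}

// Parses one line of agent output; returns the resolved media path only if it passes validation.
// Symlinks inside the root are not resolved here; a realpath check belongs at open time.
function extractMediaPath(line: string, root: string = MEDIA_ROOT): string | null {
  const m = /^MEDIA:(.+)$/.exec(line.trim());
  if (!m) return null;
  const candidate = (m[1] ?? "").trim();
  return isValidMedia(candidate, root) ? path.resolve(root, candidate) : null;
}
```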
References (1)
Core References
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://github.com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
49.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-22
Status
published
Products (2)
npm/openclaw
0 - 2026.1.30 (npm)
openclaw/openclaw
< 2026.1.30
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026