CVE-2026-32026
MEDIUMOpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
Title source: cnaDescription
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
GitHub Security Advisory (GHSA-33hm-cq8r-wc49)
https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49
Patch patch
Patch Commit #1
https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5
Patch patch
Patch Commit #2
https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351
Patch patch
Patch Commit #3
https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
26.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (3)
npm/openclaw
0 - 2026.2.24npm
OpenClaw/OpenClaw
< 2026.2.24
OpenClaw/OpenClaw
2026.2.24
Published
Mar 19, 2026
Tracked Since
Mar 20, 2026