CVE-2026-33581
Severity: MEDIUM
OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
Title source: cnaDescription
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.
References (3)
Third Party Advisory: GitHub Security Advisory (GHSA-v8wv-jg3q-qwpq)
https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq
Patch: Patch Commit
https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416
Third Party Advisory: VulnCheck Advisory: OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters
Scores
CVSS v3: 6.5
EPSS: 0.0056
EPSS Percentile: 41.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (4)
npm/openclaw (npm): 0 - 2026.3.24
OpenClaw/OpenClaw: < 2026.3.24
openclaw/openclaw: < 2026.3.24
OpenClaw/OpenClaw: 2026.3.24
Published: Mar 31, 2026
Tracked Since: Mar 31, 2026