PT-2026-29261 · Openclaw · Openclaw
Antaisecuritylab
·
Publicado
2026-03-31
·
Atualizado
2026-03-31
·
CVE-2026-33581
CVSS v3.1
8.6
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.24
Description
The software contains a sandbox bypass issue in the message tool. This allows attackers to read arbitrary local files by exploiting the
mediaUrl and fileUrl alias parameters, which bypass localRoots validation. Attackers can route file requests through these unvalidated parameters to access files outside the intended sandbox directory.Recommendations
Update to version 2026.3.24 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw