PT-2026-30530 · Npm · Openclaw

Publicado

2026-03-26

·

Atualizado

2026-03-26

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

The image tool did not fully honor the tools.fs.workspaceOnly filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.3.2
  • Fixed: >= 2026.3.2
  • Latest released tags checked: v2026.3.23 (ccfeecb6887cd97937e33a71877ad512741e82b2) and v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
  • Latest published npm version checked: 2026.3.23-2

Fix Commit(s)

  • dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53
  • 14baadda2c456f3cf749f1f97e8678746a34a7f4

Release Status

The complete fix shipped in v2026.3.2 and remains present in v2026.3.23 and v2026.3.23-2.

Code-Level Confirmation

  • src/agents/openclaw-tools.ts now passes fsPolicy into createImageTool, so the image tool receives the same workspace-only policy input as the other filesystem tools.
  • src/agents/tools/image-tool.ts, src/agents/tools/media-tool-shared.ts, and src/agents/sandbox-media-paths.ts now restrict local roots and sandbox-bridge resolution to the workspace when tools.fs.workspaceOnly is enabled.
OpenClaw thanks @YLChen-007 for reporting.

Correção

Exposure of Resource to Wrong Sphere

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-668CWE-863

Identificadores relacionados

GHSA-CFP9-W5V9-3Q4H

Produtos afetados

Openclaw