Akiyama Mio

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.4.9 through 2026.4.9 **Description** A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root expansion at the global or agent level but rely on sender or group-scoped policy to deny `read` access for certain participants. Attackers with denied read access via `toolsBySender` or group policy can trigger host-media attachment loading to bypass authorization boundaries and retrieve readable local files through the outbound media path. **Recommendations** Update to version 2026.4.10.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.4.7 through 2026.4.9 **Description** Failure to normalize Discord event cover image parameters in sandbox media processing allows attackers to bypass media normalization. This enables the injection of host-local media references into channel action paths that expect normalized media. The issue specifically involves the `eventCreate.image` parameter. **Recommendations** Update to version 2026.4.10 or newer.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.4 **Description** A race condition exists in the shared-secret authentication process. This allows concurrent asynchronous requests to bypass the per-key rate-limit budget, enabling attackers to send multiple simultaneous authentication attempts to circumvent rate-limiting protections on Tailscale-capable paths. **Recommendations** Update to version 2026.4.4.