PT-2026-25119 · Npm · Openclaw
Published
2026-03-02
·
Updated
2026-03-02
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Impact
sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered.Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version at triage:
2026.2.23 - Vulnerable:
<= 2026.2.23 - Patched in code:
>= 2026.2.24(planned next release)
Remediation
Upgrade to
openclaw 2026.2.24 or later once published.Fix Commit(s)
- 270ab03e379f9653e15f7033c9830399b66b7e51
Release Process Note
patched versions is pre-set to the planned next release (>= 2026.2.24). Once that npm release is published, this advisory can be published without further field edits.OpenClaw thanks @GCXWLP for reporting.
Publication Update (2026-02-25)
openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.Fix
Information Disclosure
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw