PT-2026-26016 · Openclaw · Openclaw
Baozongwixd
Published: 2026-03-18 · Updated: 2026-03-18
CVE-2026-27522
CVSS v3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
OpenClaw versions prior to 2026.2.24 contain a local media root bypass in the sendAttachment and setGroupIcon message actions when sandboxRoot is unset. An attacker can hydrate media from a local absolute path and thereby read arbitrary host files accessible to the runtime user.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw