PT-2026-26016 · Openclaw · Openclaw
Baozongwixd
Published 2026-02-25 · Updated 2026-03-31
CVE-2026-27522
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.24
Description
OpenClaw versions before 2026.2.24 contain a local media root bypass in the sendAttachment and setGroupIcon message actions when sandboxRoot is not configured. This allows attackers to read arbitrary host files accessible by the runtime user by hydrating media from local absolute paths. The vulnerability occurs because the local media root checks are bypassed when sandboxRoot is unset.
Recommendations
Upgrade to OpenClaw version 2026.2.24 or later.
Fix
Path traversal
Information Disclosure
Affected Products
OpenClaw