PT-2026-30530 — Exposure of Resource to Wrong Sphere in Npm Openclaw

PT-2026-30530 · Npm · Openclaw

Published

2026-03-26

Updated

2026-03-26

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

The image tool did not fully honor the tools.fs.workspaceOnly filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject.

Affected Packages / Versions

Package: openclaw (npm)
Affected: < 2026.3.2
Fixed: >= 2026.3.2
Latest released tags checked: v2026.3.23 (ccfeecb6887cd97937e33a71877ad512741e82b2) and v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
Latest published npm version checked: 2026.3.23-2

Fix Commit(s)

dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53
14baadda2c456f3cf749f1f97e8678746a34a7f4

Release Status

The complete fix shipped in v2026.3.2 and remains present in v2026.3.23 and v2026.3.23-2.

Code-Level Confirmation

src/agents/openclaw-tools.ts now passes fsPolicy into createImageTool, so the image tool receives the same workspace-only policy input as the other filesystem tools.
src/agents/tools/image-tool.ts, src/agents/tools/media-tool-shared.ts, and src/agents/sandbox-media-paths.ts now restrict local roots and sandbox-bridge resolution to the workspace when tools.fs.workspaceOnly is enabled.

OpenClaw thanks @YLChen-007 for reporting.

Fix

Exposure of Resource to Wrong Sphere

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-863

Related Identifiers

GHSA-CFP9-W5V9-3Q4H

Affected Products

Openclaw