PT-2026-31979 · Openclaw · Openclaw

Edward-X · Published 2026-03-30 · Updated 2026-04-10

CVE-2026-35668
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.24
Description: OpenClaw versions before 2026.3.24 contain a path traversal vulnerability in the sandbox enforcement mechanism. A sandboxed agent can read files from other agents' workspaces by passing an unnormalized file reference under the mediaUrl or fileUrl parameter key in message tool calls: the normalizeSandboxMediaParams function validates and normalizes only the media, path, and filePath keys, so values under mediaUrl and fileUrl bypass the sandbox-root check entirely. Combined with handlePluginAction dropping mediaLocalRoots from the dispatch context, this amounts to a full sandbox escape in which any agent can read files outside its designated sandbox root, including API keys and configuration data.
Recommendations: Update to OpenClaw version 2026.3.24 or later.
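As an added illustration (not OpenClaw's own code), the TypeScript below reimplements the shape of the fix the advisory describes: every parameter key that can carry a local file reference, including mediaUrl and fileUrl, is resolved and confined to the sandbox roots, and a missing mediaLocalRoots (the dispatch-context omission) fails closed instead of skipping the check. The function, type and key names are assumptions chosen to mirror the advisory, and relative values are assumed to resolve against the first root.

```typescript
import * as path from "node:path";

// Added example, not OpenClaw's code: a fail-closed normalizer for sandbox media parameters.
// Every key that can carry a local file reference is covered; the advisory's defect was an
// allowlist limited to media/path/filePath, which left mediaUrl and fileUrl unchecked.
const LOCAL_FILE_KEYS = ["media", "path", "filePath", "mediaUrl", "fileUrl"] as const;

export type SandboxParams = Record<string, unknown>;

export class SandboxPathError extends Error {}

// True when `candidate` is `root` itself or lies beneath it after normalization.
// path.relative is used instead of a string-prefix test so that /sandbox/agent-ab
// is not mistaken for a child of /sandbox/agent-a.
export function isInsideRoot(root: string, candidate: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel === "" || (rel !== ".." && !rel.startsWith(`..${path.sep}`) && !path.isAbsolute(rel));
}

// Map a parameter value to a local filesystem path: file:// URLs are decoded,
// any other URL scheme (http, https, ...) is not a local file and yields null.
function toLocalPath(value: string): string | null {
  if (value.toLowerCase().startsWith("file://")) return decodeURIComponent(new URL(value).pathname);
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) return null;
  return value;
}

// Resolve and confine every local-file parameter to `mediaLocalRoots`. Relative values
// resolve against the first root (assumed to be the agent's own workspace).
export function normalizeSandboxMediaParams(
  params: SandboxParams,
  mediaLocalRoots: readonly string[],
): SandboxParams {
  // No roots means the caller lost the sandbox context; refuse rather than skip the check.
  const primaryRoot = mediaLocalRoots[0];
  if (primaryRoot === undefined) {
    throw new SandboxPathError("mediaLocalRoots missing from dispatch context");
  }
  const out: SandboxParams = { ...params };
  for (const key of LOCAL_FILE_KEYS) {
    const value = params[key];
    if (typeof value !== "string") continue;
    const local = toLocalPath(value);
    if (local === null) continue; // remote URL, nothing on disk to confine
    const resolved = path.resolve(primaryRoot, local);
    if (!mediaLocalRoots.some((root) => isInsideRoot(root, resolved))) {
      throw new SandboxPathError(`${key} resolves outside the sandbox roots: ${resolved}`);
    }
    out[key] = resolved; // hand the normalized absolute path downstream
  }
  return out;
}
```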

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2026-35668
GHSA-HR5V-J9H9-XJHG

Affected Products

Openclaw