PT-2026-39685 · Openclaw · Openclaw
Keensecuritylab
·
Published
2026-04-29
·
Updated
2026-05-11
·
CVE-2026-44996
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.15
Description
An arbitrary local file read issue exists in the webchat audio embedding helper due to a failure to apply local media root containment checks. Attackers can manipulate the
ReplyPayload.mediaUrl parameter produced by agents or tools to resolve absolute local paths or file URLs. This allows the reading of audio-like files, which are then embedded as base64-encoded data into webchat responses.Recommendations
Update to version 2026.4.15.
Exploit
Fix
Path traversal
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw