PT-2026-39685 · Openclaw · Openclaw

Keensecuritylab

·

Published

2026-04-29

·

Updated

2026-05-11

·

CVE-2026-44996

CVSS v4.0

6.3

Medium

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15
Description An arbitrary local file read issue exists in the webchat audio embedding helper due to a failure to apply local media root containment checks. Attackers can manipulate the ReplyPayload.mediaUrl parameter produced by agents or tools to resolve absolute local paths or file URLs. This allows the reading of audio-like files, which are then embedded as base64-encoded data into webchat responses.
Recommendations Update to version 2026.4.15.

Exploit

Fix

Path traversal

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44996
GHSA-GFG9-5357-HV4C

Affected Products

Openclaw