Description

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper, which fails to apply the local media root containment check. An attacker who can influence an agent- or tool-produced ReplyPayload.mediaUrl parameter can have it resolve to an absolute local path or a file URL, read audio-like files from the local filesystem, and have their contents embedded base64-encoded into webchat responses.
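The following TypeScript is an added illustration of the missing check described above; it is not OpenClaw's code, and `MEDIA_ROOT`, `resolveMediaUnchecked` and `resolveMediaContained` are hypothetical names chosen for the example. It contrasts a helper that takes `mediaUrl` at face value with one that anchors every candidate at a configured media root and rejects anything that escapes it (POSIX paths assumed).

```typescript
import * as path from "path";
import { fileURLToPath } from "url";

// Constructed example root for local media; not a real OpenClaw setting.
export const MEDIA_ROOT = "/var/lib/openclaw/media";

export type MediaResolution =
  | { ok: true; localPath: string }
  | { ok: false; reason: string };

// Weak shape: whatever mediaUrl says is what gets read. An absolute path or
// a file: URL pointing anywhere on disk is accepted without question.
export function resolveMediaUnchecked(mediaUrl: string): string {
  return mediaUrl.startsWith("file:")
    ? fileURLToPath(mediaUrl)
    : path.posix.resolve(mediaUrl);
}

// Hardened shape: every candidate is resolved against the media root and the
// resulting path must stay inside it. Remote http(s) URLs are out of scope
// for a local-file helper and are refused here rather than fetched.
export function resolveMediaContained(
  mediaUrl: string,
  root: string = MEDIA_ROOT,
): MediaResolution {
  if (/^https?:\/\//i.test(mediaUrl)) {
    return { ok: false, reason: "remote URL is not local media" };
  }

  let candidate: string;
  try {
    // file: URLs are converted to a filesystem path before any checks, so the
    // containment decision is made on the same value that would be opened.
    candidate = mediaUrl.startsWith("file:") ? fileURLToPath(mediaUrl) : mediaUrl;
  } catch {
    return { ok: false, reason: "malformed file URL" };
  }

  // Relative inputs are anchored at the media root, never at the process cwd.
  // An absolute input replaces the root here, which is exactly why the
  // relative-path check below is required.
  const rootResolved = path.posix.resolve(root);
  const resolved = path.posix.resolve(rootResolved, candidate);
  const rel = path.posix.relative(rootResolved, resolved);

  // rel is "" for the root itself, starts with ".." when the target escaped
  // the root (also catches sibling directories such as ".../media-other/"),
  // and would be absolute only on a different drive or root.
  const escaped =
    rel === "" ||
    rel === ".." ||
    rel.startsWith(".." + path.posix.sep) ||
    path.posix.isAbsolute(rel);
  if (escaped) {
    return { ok: false, reason: "path resolves outside the media root" };
  }
  return { ok: true, localPath: resolved };
}
```

Note that the check is done on the lexically normalized path; a deployment whose media root may contain symlinks should additionally run `fs.realpath` on the resolved candidate and re-apply the same relative-path test before opening the file. Matching an audio-like extension is not a substitute for containment, since any file can be renamed to `.mp3`.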

Status: PUBLISHED | Reserved 2026-05-08 | Published 2026-05-11 | Updated 2026-05-11 | Assigner: VulnCheck

Severity

MEDIUM 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)

LOW 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

Any version before 2026.4.15: affected

2026.4.15 (semver): unaffected

Credits

zsx (@zsxsoft), reporter

KeenSecurityLab, coordinator

References

github.com/...enclaw/security/advisories/GHSA-gfg9-5357-hv4c (GitHub Security Advisory GHSA-gfg9-5357-hv4c), vendor-advisory

github.com/...ommit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde (Patch Commit), patch

www.vulncheck.com/...l-file-read-via-webchat-audio-embedding (VulnCheck Advisory: OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding), third-party-advisory

cve.org (CVE-2026-44996)

nvd.nist.gov (CVE-2026-44996)
