{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32846", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-16T18:11:41.758Z", "datePublished": "2026-03-26T16:36:00.657Z", "dateUpdated": "2026-03-27T14:43:07.620Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T16:36:00.657Z"}, "title": "OpenClaw Media Parsing Path Traversal to Arbitrary File Read", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"status": "affected", "version": "0", "lessThan": "4797bbc5b96e2cca5532e43b58915c051746fe37", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.<br>"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openclaw/openclaw/pull/54642", "tags": ["issue-tracking"]}, {"url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Zhijie Zhang", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"references": [{"url": "https://github.com/openclaw/openclaw/pull/54642", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:43:02.829268Z", "id": "CVE-2026-32846", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:43:07.620Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "OpenClaw Media Parsing Path Traversal to Arbitrary File Read", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zhijie Zhang"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"status": "affected", "version": "0", "lessThan": "4797bbc5b96e2cca5532e43b58915c051746fe37", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openclaw/openclaw/pull/54642", "tags": ["issue-tracking"]}, {"url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.", "supportingMedia": [{"type": "text/html", "value": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T16:36:00.657Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32846", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:43:02.829268Z"}}}], "references": [{"url": "https://github.com/openclaw/openclaw/pull/54642", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-27T14:42:55.919Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32846", "state": "PUBLISHED", "dateUpdated": "2026-03-26T16:36:00.657Z", "dateReserved": "2026-03-16T18:11:41.758Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T16:36:00.657Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys."}, {"lang": "es", "value": "OpenClaw hasta 2026.3.23 (corregido en el commit 4797bbc) contiene una vulnerabilidad de salto de ruta en el an\u00e1lisis de medios que permite a los atacantes leer archivos arbitrarios al eludir la validaci\u00f3n de rutas en las funciones isLikelyLocalPath() e isValidMedia(). Los atacantes pueden explotar la validaci\u00f3n incompleta y el bypass allowBareFilename para hacer referencia a archivos fuera del sandbox de la aplicaci\u00f3n previsto, lo que resulta en la divulgaci\u00f3n de informaci\u00f3n sensible, incluyendo archivos del sistema, archivos de entorno y claves SSH."}], "id": "CVE-2026-32846", "lastModified": "2026-03-27T15:16:53.777", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T17:16:37.640", "references": [{"source": "[email protected]", "url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37"}, {"source": "[email protected]", "url": "https://github.com/openclaw/openclaw/pull/54642"}, {"source": "[email protected]", "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"}, {"source": "[email protected]", "url": "https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/openclaw/openclaw/pull/54642"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4797bbc5b96e2cca5532e43b58915c051746fe37)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenClaw", "source": "cna", "vendor": "OpenClaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-03-26T17:21:24.030740+00:00", "value": {"mitigation_remediation": ["Apply the latest OpenClaw release or backport the patch from commit 4797bbc5b96e2cca5532e43b58915c051746fe37, which removes the path validation bypass in media parsing.", "If an immediate upgrade is not possible, disable the allowBareFilename option (if configurable) to prevent bypassing of path checks.", "Verify that the media processing subsystem correctly rejects paths containing traversal sequences such as \u2018../\u2019 before accessing the filesystem.", "Monitor upload logs for repeated attempts to access restricted files and implement rate limiting or quarantine as needed.", "Verify that the application is not unintentionally exposing sensitive file paths through log messages or error responses during media parsing."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is OpenClaw, all releases up to and including 2026.3.23. Versions newer than 2026.3.23 incorporate the fix found in commit 4797bbc5b96e2cca5532e43b58915c051746fe37. No other vendor or product variants are listed. Users should verify their installation version and apply the latest patch or upgrade path.", "description_and_impact": "OpenClaw versions up to and including 2026.3.23 contain a path traversal flaw in the media parsing component. The vulnerability arises from insufficient validation in the isLikelyLocalPath() and isValidMedia() functions, allowing an attacker to craft a media file that points to filesystem locations outside the application sandbox. Successful exploitation results in arbitrary file reads, exposing sensitive data such as system files, environment variables, and SSH keys. The weakness is identified as a classic directory traversal (CWE\u201122) and poses a severe confidentiality risk.", "risk_and_exploitability": "The vulnerability is high severity with a CVSS score of 8.7, indicating it can be exploited with significant impact. The EPSS score is not available, but the lack of listing in the CISA KEV catalog suggests no confirmed widespread exploitation yet. Based on the description, the likely attack vector is remote, as the flaw is triggered by supplying a malicious media file during parsing, which can be performed over a network or via user input. An attacker would need the ability to upload or otherwise provide the crafted media to the application to exploit this defect."}}}}, "created": "2026-03-27T08:33:48.386781+00:00", "updated": "2026-03-27T09:26:14.328548+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}