
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-GFG9-5357-HV4C: Local File Read via Unsandboxed Audio Embedding in OpenClaw Gateway

Vulnerability ID: GHSA-GFG9-5357-HV4C
CVSS Score: 6.5
Published: 2026-04-29

The OpenClaw gateway component prior to version 2026.4.15 contains a Local File Read (LFR) vulnerability caused by improper restriction of pathnames to authorized directories (CWE-22). The flaw resides in the webchat audio embedding functionality, which fails to restrict local file resolution to a trusted sandbox directory. An attacker who can influence the media URL of an agent reply can have arbitrary local files read and served to the web interface, bypassing the extension and size filters that were meant to limit what the embedding code would open.

TL;DR

OpenClaw versions before 2026.4.15 are vulnerable to a Local File Read flaw in the gateway component. Missing path containment checks in the audio embedding logic allow an attacker who can influence the media URL of an agent reply to read any file on the host that the gateway process can open, simply by supplying a crafted media URL.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • Attack Vector: Network
  • Impact: Information Disclosure (Local File Read)
  • Exploit Status: Proof of Concept
  • CVSS Score: 6.5
  • Fixed Version: 2026.4.15

Affected Systems

  • OpenClaw Gateway Component
  • OpenClaw Webchat Interface
  • Node.js Environment
  • OpenClaw: < 2026.4.15 (Fixed in: 2026.4.15)

Code Analysis

Commit: 6e58f1f

Fix Local File Read in chat-webchat-media by implementing assertLocalMediaAllowed and asynchronous agent scoping.

Mitigation Strategies

  • Upgrade to OpenClaw version 2026.4.15 or later
  • Enforce Principle of Least Privilege on the Node.js process user
  • Configure 'localRoots' to the narrowest possible operational directory
  • Implement agent-scoped media roots for multi-tenant isolation

Remediation Steps:

  1. Identify the current version of the OpenClaw deployment.
  2. Stop the OpenClaw gateway service.
  3. Update the npm package or pull the latest GitHub release for version 2026.4.15.
  4. Review gateway configuration to ensure 'localRoots' does not encompass sensitive host paths.
  5. Restart the OpenClaw gateway service and monitor logs for anomalous path resolution requests.
