CVE Reports

Posted on • Originally published at cvereports.com

GHSA-mr34-9552-qr95: Arbitrary File Disclosure and NTLM Leak in OpenClaw Webchat Media Processing


Vulnerability ID: GHSA-MR34-9552-QR95
CVSS Score: 8.6
Published: 2026-04-17

OpenClaw versions prior to 2026.4.15 contain a critical path traversal and security containment bypass vulnerability. The gateway fails to enforce local filesystem boundaries when processing tool-result media payloads, enabling malicious plugins to disclose arbitrary files or leak Windows NTLM credentials via outbound Server Message Block (SMB) requests.

TL;DR

A path traversal and trust bypass in OpenClaw allows attacker-controlled plugins to read arbitrary local files or leak NTLM credentials via crafted tool-result payloads.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Improper Limitation of a Pathname (CWE-22) / Identity Confusion (CWE-178)
  • CVSS Score: 8.6 (High)
  • Attack Vector: Network
  • Authentication: Low Privileges Required (Plugin execution)
  • Exploit Maturity: Proof of Concept
  • Impact: Arbitrary File Read / NTLM Credential Leak

Affected Systems

  • OpenClaw
  • openclaw: < 2026.4.15 (Fixed in: 2026.4.15)

Code Analysis

Commit: 1470de5

fix(webchat): reject remote-host file:// URLs in media embedding path

Commit: 6e58f1f

fix(gateway): enforce localRoots containment on webchat audio embedding path

Commit: 52ef423

fix: tighten trusted tool media passthrough

Mitigation Strategies

  • Upgrade the openclaw npm package to version 2026.4.15 or later.
  • Block outbound SMB traffic (TCP ports 139 and 445) from the gateway server at the network firewall.
  • Disable or audit third-party plugins and tools running within the OpenClaw environment.

Remediation Steps:

  1. Identify all running instances of OpenClaw within the infrastructure.
  2. Update the project dependencies using npm install openclaw@^2026.4.15.
  3. Restart the OpenClaw gateway services to apply the updated application logic.
  4. Review gateway configuration to ensure localRoots is strictly defined and necessary.
  5. Review network firewall rules to ensure outbound SMB is restricted to trusted subnets only.

Read the full report for GHSA-MR34-9552-QR95 on our website for more details including interactive diagrams and full exploit analysis.
