CVE-2026-32846
Modified Modified - Updated After Analysis
Path Traversal in OpenClaw Media Parsing Allows Sensitive File Disclosure

Publication date: 2026-03-26

Last updated on: 2026-05-20

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32846
EUVD
EUVD-2026-16248
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to read arbitrary files outside the intended application sandbox, including sensitive information such as system files, environment files, and SSH keys.

This unauthorized disclosure of sensitive information can lead to violations of data protection standards and regulations like GDPR and HIPAA, which require strict controls over the confidentiality and integrity of sensitive data.

By enabling attackers to bypass path validation and access sensitive files, the vulnerability undermines the security controls necessary to maintain compliance with these regulations.

Executive Summary

CVE-2026-32846 is a path traversal vulnerability in OpenClaw versions up to 2026.3.23 affecting the media parsing layer. The vulnerability arises because the functions isLikelyLocalPath() and isValidMedia() do not properly validate file paths, allowing attackers to bypass checks using traversal sequences like "../" or home-directory shortcuts like "~".

This flaw enables attackers to reference files outside the intended application sandbox by exploiting incomplete validation and an allowBareFilename bypass, which accepts filenames matching certain patterns even if they contain traversal sequences.

As a result, attackers can read arbitrary files such as system files (/etc/passwd), environment files (.env), and SSH keys (~/.ssh/id_rsa), leading to unauthorized disclosure of sensitive information.

The vulnerability was fixed by introducing stricter path validation that rejects paths starting with traversal or home-directory patterns and by enhancing the media parsing logic to prevent these unsafe paths from being accepted or processed.

Impact Analysis

This vulnerability can have serious security impacts by allowing attackers to read arbitrary files on the system where OpenClaw is running.

  • Disclosure of sensitive system files such as /etc/passwd, which can reveal user account information.
  • Exposure of environment configuration files like .env that may contain secrets or configuration details.
  • Access to SSH private keys (e.g., ~/.ssh/id_rsa), which could enable further unauthorized access to systems.

Because the vulnerability can be exploited remotely without any privileges or user interaction, it poses a high risk of confidentiality breach and unauthorized data disclosure.

Detection Guidance

This vulnerability involves path traversal in media parsing functions allowing attackers to read arbitrary files by bypassing path validation. Detection involves identifying attempts to access paths containing traversal sequences like '../', '~', or embedded traversal segments.

Since the vulnerability is in the OpenClaw media parsing layer, detection can focus on monitoring logs or outputs for suspicious media path patterns such as those containing '../', '~', or unusual file references like '/etc/passwd', '~/.ssh/id_rsa', or '.env'.

Suggested commands to detect exploitation attempts might include searching application logs or outputs for these patterns. For example, using grep on log files or output streams:

  • grep -rE '(\.\./|~)' /path/to/openclaw/logs/
  • grep -rE 'MEDIA:.*(\.\./|~)' /path/to/openclaw/logs/
  • Monitoring for unexpected file access attempts to sensitive files such as '/etc/passwd' or SSH keys can also help detect exploitation.

Additionally, reviewing the media parsing outputs for stripped or empty media URLs where traversal patterns were rejected can indicate attempted exploitation.

Mitigation Strategies

The primary mitigation is to update OpenClaw to a version that includes the fix committed in commit 4797bbc, which addresses the vulnerability by rejecting path traversal and home directory patterns in media parsing.

This fix introduces a guard function that rejects paths starting with '../', exactly equal to '..', starting with '~', or containing embedded traversal segments, preventing unauthorized file access.

No configuration or migration is required as the fix is backward compatible and only rejects unsafe paths that should never have been accepted.

Until the update can be applied, consider monitoring and blocking inputs or requests containing suspicious path traversal patterns to reduce risk.

Also, ensure that downstream sandbox enforcement functions remain active and properly configured to provide defense-in-depth.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32846. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart