CVE-2026-32846
Path Traversal in OpenClaw Media Parsing Allows Sensitive File Disclosure
Publication date: 2026-03-26
Last updated on: 2026-03-31
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to and including 2026.3.23 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32846 is a path traversal vulnerability in OpenClaw versions up to 2026.3.23 affecting the media parsing layer. The vulnerability arises because the functions isLikelyLocalPath() and isValidMedia() do not properly validate file paths, allowing attackers to bypass checks using traversal sequences like "../" or home-directory shortcuts like "~".
This flaw lets an attacker reference files outside the intended application sandbox by combining the incomplete validation with an allowBareFilename bypass, under which a value that matches the expected bare-filename pattern is accepted even when it also contains traversal sequences.
As a result, an attacker can cause arbitrary files to be read, such as system files (/etc/passwd), environment files (.env) and SSH private keys (~/.ssh/id_rsa), leading to unauthorized disclosure of sensitive information.
The vulnerability was fixed by introducing stricter path validation that rejects paths starting with traversal or home-directory patterns and by enhancing the media parsing logic to prevent these unsafe paths from being accepted or processed.
How can this vulnerability impact me?
This vulnerability can have serious security impacts by allowing attackers to read arbitrary files on the system where OpenClaw is running.
- Disclosure of sensitive system files such as /etc/passwd, which can reveal user account information.
- Exposure of environment configuration files like .env that may contain secrets or configuration details.
- Access to SSH private keys (e.g., ~/.ssh/id_rsa), which could enable further unauthorized access to systems.
Where media references can be supplied by a remote, unprivileged party without any user interaction, the flaw poses a high risk of confidentiality breach and unauthorized data disclosure; the CVSS vector is not populated on this page, so confirm those metrics against the scored record before relying on them.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a path traversal in the media parsing functions that lets attackers read arbitrary files by bypassing path validation. Detection therefore centres on finding media references that contain traversal sequences ('../', a bare '..' segment) or home-directory shortcuts ('~').
Since the flaw sits in the OpenClaw media parsing layer, look in application logs or captured outputs for media path references carrying those patterns, or naming obviously sensitive targets such as '/etc/passwd', '~/.ssh/id_rsa' or '.env'.
Suggested commands are searches over the log files with grep. Note that a bare pattern such as '(\.\./|~)' matches far more than media references (any '~' in chat text, for instance), so anchor the search on the media reference syntax where the logs preserve it:
- grep -rnE 'MEDIA:\s*(\.\./|\.\.$|~|\S*/\.\./)' /path/to/openclaw/logs/
- grep -rnE '(/etc/passwd|\.ssh/id_rsa|(^|[/ ])\.env\b)' /path/to/openclaw/logs/
- grep -rnE '(\.\./|~)' /path/to/openclaw/logs/ as a broader, noisier sweep when the first pattern yields nothing.
- Monitoring for unexpected file-access attempts against sensitive files such as '/etc/passwd' or SSH keys (for example with auditd file watches on those paths) can also reveal exploitation.
Additionally, after the fix is applied, media parsing output in which a reference was stripped or left empty because a traversal pattern was rejected indicates an attempted exploitation and is worth alerting on.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update OpenClaw to a version that includes the fix committed in commit 4797bbc, which addresses the vulnerability by rejecting path traversal and home directory patterns in media parsing.
This fix introduces a guard function that rejects paths starting with '../', exactly equal to '..', starting with '~', or containing embedded traversal segments, preventing unauthorized file access.
No configuration change or migration is required, because the fix is backward compatible and only rejects unsafe paths that should never have been accepted.
Until the update can be applied, consider monitoring and blocking inputs or requests containing suspicious path traversal patterns to reduce risk.
Also, ensure that downstream sandbox enforcement functions remain active and properly configured to provide defense-in-depth.
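The following is an added example, not OpenClaw's own code or the actual content of commit 4797bbc. It models the guard the fix is described as introducing (reject a path that is exactly '..', starts with '../', starts with '~', or contains an embedded '..' segment), places it in front of a downstream sandbox containment check as the defense-in-depth layer discussed above, and implements the log scan from the detection answer over a few constructed log lines. The 'MEDIA:' log syntax, the function names and the sample lines are assumptions made for illustration; the percent-decoding step is extra hardening that the page does not attribute to the real fix.

```typescript
import * as path from "node:path";

// Added example for CVE-2026-32846: guard + sandbox containment + log scan.
// Not OpenClaw code; names, log format and sample data are illustrative.

/** True when a media path reference must be rejected before any file access.
 *  Implements the rules the advisory attributes to the fix. */
export function isUnsafeMediaPath(ref: string): boolean {
  let p = ref.trim();
  // Extra hardening (not described for the real fix): percent-decode so that
  // "%2e%2e/" cannot slip past the plain string checks below.
  try { p = decodeURIComponent(p); } catch { /* not URL-encoded; keep as-is */ }
  if (p === "..") return true;                                   // exactly ".."
  if (p.startsWith("../") || p.startsWith("..\\")) return true;  // leading traversal
  if (p.startsWith("~")) return true;                            // home-dir shortcut
  // Embedded traversal: any separator-delimited segment that is exactly "..".
  return p.split(/[\\/]+/).some((seg) => seg === "..");
}

/** Downstream sandbox check: does the reference resolve inside `root`? */
export function isWithinRoot(root: string, ref: string): boolean {
  const base = path.resolve(root);
  const target = path.resolve(base, ref);
  return target === base || target.startsWith(base + path.sep);
}

/** Acceptance logic: string guard first, containment second. Returns the
 *  resolved path or null. path.resolve does NOT expand "~", so containment on
 *  its own would accept "~/.ssh/id_rsa" and leave the expansion to whatever
 *  later opens the file; that is why the string guard is needed as well. */
export function acceptMediaPath(root: string, ref: string): string | null {
  if (isUnsafeMediaPath(ref)) return null;
  if (!isWithinRoot(root, ref)) return null;
  return path.resolve(root, ref);
}

export interface Hit { line: number; ref: string }

/** Detection: pull "MEDIA: <path>" references out of log lines and report
 *  the ones the guard rejects. Anchoring on "MEDIA:" avoids the noise that a
 *  bare search for "~" or "../" produces across unrelated chat text. */
export function scanLogLines(lines: string[]): Hit[] {
  const hits: Hit[] = [];
  const re = /MEDIA:\s*(\S+)/g;            // assumed log syntax
  lines.forEach((text, i) => {
    re.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      if (isUnsafeMediaPath(m[1])) hits.push({ line: i + 1, ref: m[1] });
    }
  });
  return hits;
}

// Constructed sample log lines (not real OpenClaw output).
export const SAMPLE_LOG: string[] = [
  "2026-03-24T10:00:01Z inbound MEDIA: uploads/photo.png",
  "2026-03-24T10:00:02Z inbound MEDIA: ../../../etc/passwd",
  "2026-03-24T10:00:03Z inbound MEDIA: ~/.ssh/id_rsa",
  "2026-03-24T10:00:04Z inbound MEDIA: uploads/../../.env",
  "2026-03-24T10:00:05Z inbound MEDIA: report.pdf",
  "2026-03-24T10:00:06Z chat text mentioned ~ and ../ but carried no media",
];

console.log(JSON.stringify(scanLogLines(SAMPLE_LOG)));
```

Running the block prints the three flagged references (log lines 2, 3 and 4); the last sample line contains both '~' and '../' in free text but is not reported, which is the point of anchoring on the media syntax rather than grepping for the raw characters.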
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to read arbitrary files outside the intended application sandbox, including sensitive information such as system files, environment files, and SSH keys.
This unauthorized disclosure of sensitive information can lead to violations of data protection standards and regulations like GDPR and HIPAA, which require strict controls over the confidentiality and integrity of sensitive data.
By enabling attackers to bypass path validation and access sensitive files, the vulnerability undermines the security controls necessary to maintain compliance with these regulations.