CVE-2026-41389
Status: Received - Intake
Local-Root Containment Bypass in OpenClaw Allows Arbitrary File Access

Publication date: 2026-04-20

Last updated on: 2026-04-28

Assigner: VulnCheck

Description
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.
Meta Information
Published: 2026-04-20
Last Modified: 2026-04-28
Generated: 2026-05-06
AI Q&A: 2026-04-20
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: from 2026.4.7 (inclusive) to 2026.4.15 (exclusive)
CWE
CWE-73: The product allows user input to control or influence paths or file names that are used in filesystem operations.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-41389 is a security vulnerability in OpenClaw versions 2026.4.7 before 2026.4.15 that affects the webchat media embedding functionality. The issue arises because the system fails to enforce local-root containment on tool-result media paths, allowing attackers to craft malicious media references that trigger unauthorized local file reads or access to Windows network (UNC) paths.

Specifically, the vulnerability allows embedding of unsafe remote-host file:// URLs and local audio files outside of explicitly allowed directories, which can lead to unauthorized file access or disclosure of sensitive information.

The fix involves rejecting remote-host file:// URLs, enforcing strict local filesystem path containment for embedded audio files within configured safe directories (localRoots), and tightening the handling of trusted tool media passthrough by requiring exact raw tool name matching to prevent unauthorized tools from inheriting local media trust.


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to access arbitrary local files on the host system or Windows network paths through crafted media references in OpenClaw webchat messages.

Such unauthorized access can lead to disclosure of sensitive files or exposure of network credentials, especially on Windows deployments where UNC paths are accessible.

Because the vulnerability triggers host-side file reads before any rendered result is shown, attackers can potentially extract confidential information without user interaction.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unsafe handling of local and UNC file paths in OpenClaw webchat media embedding, allowing unauthorized local file reads or Windows network path access. Detection involves monitoring for suspicious media embedding attempts that include remote-host file:// URLs or UNC paths.

Since the vulnerability manifests as host-side file read operations triggered by crafted tool-result media references, detection can focus on identifying such suspicious media URLs or abnormal file access attempts in logs or during runtime.

Specific commands are not provided in the available resources. However, you can monitor filesystem access logs or audit logs for unexpected reads of local or UNC paths initiated by OpenClaw processes. Additionally, inspecting webchat media payloads for embedded media URLs starting with remote-host file:// or UNC paths may help detect exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, upgrade OpenClaw to version 2026.4.15 or later, where the vulnerability is fixed.

  • The fix rejects remote-host file:// URLs in media embedding paths, preventing unsafe remote file access.
  • It enforces strict local filesystem path containment by allowing only media files within explicitly configured localRoots directories to be embedded.
  • The fix also prevents client tools from improperly inheriting local media trust by enforcing exact raw tool name matching and rejecting conflicting client tool names.

Additionally, ensure that your configuration properly defines localRoots directories to restrict media embedding to safe paths, and monitor for any rejected media embedding attempts as part of your security posture.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in OpenClaw allows unauthorized local and UNC file access, potentially disclosing sensitive files or exposing credentials on affected systems.

Such unauthorized disclosure of sensitive files or credentials can lead to violations of data protection regulations and standards like GDPR and HIPAA, which mandate strict controls over the confidentiality and integrity of personal and sensitive data.

By enabling attackers to access files outside intended containment paths, the vulnerability risks exposing protected information, thereby undermining compliance with these regulations.

The fixes introduced enforce strict local-root containment and reject unsafe media URLs, which help mitigate these risks and support compliance efforts by preventing unauthorized data exposure.

