GHSA-fqcm-97m6-w7rm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fqcm-97m6-w7rm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-fqcm-97m6-w7rm/GHSA-fqcm-97m6-w7rm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fqcm-97m6-w7rm
- Aliases
- Downstream
- Published
- 2026-03-02T23:34:02Z
- Modified
- 2026-03-18T22:02:27.123465Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
- Details
-
Impact
sendAttachmentandsetGroupIconmessage actions could hydrate media from local absolute paths whensandboxRootwas unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered.Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version at triage:
2026.2.23 - Vulnerable:
<= 2026.2.23 - Patched in code:
>= 2026.2.24(planned next release)
Remediation
Upgrade to
openclaw2026.2.24or later once published.Fix Commit(s)
- 270ab03e379f9653e15f7033c9830399b66b7e51
Release Process Note
patched_versionsis pre-set to the planned next release (>= 2026.2.24). Once that npm release is published, this advisory can be published without further field edits.OpenClaw thanks @GCXWLP for reporting.
Publication Update (2026-02-25)
openclaw@2026.2.24is published on npm and contains the fix commit(s) listed above. This advisory now marks>= 2026.2.24as patched. - Package:
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-03-02T23:34:02Z", "cwe_ids": [ "CWE-200", "CWE-22" ], "severity": "HIGH", "nvd_published_at": "2026-03-18T02:16:23Z" }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm
- https://nvd.nist.gov/vuln/detail/CVE-2026-27522
- https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw