GHSA-x9cf-3w63-rpq9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x9cf-3w63-rpq9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-x9cf-3w63-rpq9/GHSA-x9cf-3w63-rpq9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x9cf-3w63-rpq9
- Aliases
- Downstream
- Published
- 2026-03-03T19:58:32Z
- Modified
- 2026-03-27T22:17:45.654660Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
- Details
-
Summary
When iMessage remote attachment fetching is enabled (
channels.imessage.remoteHost),stageSandboxMediaaccepted arbitrary absolute paths and used SCP to copy them into local staging.If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the remote host can be staged.
Affected Packages / Versions
- Package:
openclaw - Affected: up to and including
2026.2.17(latest npm version as of February 19, 2026) - Fixed: pending next release with remote attachment path validation
Impact
Confidentiality impact. An attacker who can influence inbound attachment path metadata may disclose files readable by the OpenClaw process on the configured remote host.
Attack Preconditions
- iMessage attachments enabled (
channels.imessage.includeAttachments=true), and - remote attachment mode active (
channels.imessage.remoteHostconfigured or auto-detected), and - attacker can inject/tamper with attachment path metadata.
Given these preconditions, this advisory is assessed as medium severity.
Fix Commit(s)
1316e5740382926e45a42097b4bfe0aef7d63e8e
Release Process Note
patched_versionsshould be set to the next released npm version that includes remote attachment path validation, then the advisory can be published.Mitigation
- Upgrade to the first release that includes remote attachment path validation.
- If remote attachments are not required, disable iMessage attachment ingestion.
- Run OpenClaw under least privilege on the remote host.
OpenClaw thanks @zpbrent for reporting.
- Package:
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-03-03T19:58:32Z", "severity": "HIGH", "nvd_published_at": "2026-03-19T22:16:38Z", "cwe_ids": [ "CWE-22" ] }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-x9cf-3w63-rpq9
- https://nvd.nist.gov/vuln/detail/CVE-2026-32030
- https://github.com/openclaw/openclaw/commit/1316e5740382926e45a42097b4bfe0aef7d63e8e
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-sensitive-file-disclosure-via-stagesandboxmedia-path-traversal
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw