Vulnerability Information
Vulnerability Title
OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal
Vulnerability Description
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the OpenClaw process on the configured remote host via SCP.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
OpenClaw Path Traversal Vulnerability
Vulnerability Description
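OpenClaw is an open-source intelligent assistant from OpenClaw. OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability, which stems from a path traversal issue in the stageSandboxMedia function and may allow an attacker to disclose files readable by the OpenClaw process.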
CVSS Information
N/A
Vulnerability Type
N/A