CVE-2026-44996— OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

CVSS 3.7 · Low EPSS 0.04% · P12 Updated May 15, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

Vendor	Product	Version Range	Status
OpenClaw	OpenClaw	`< 2026.4.15`	affected
		`2026.4.15`	unaffected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44996

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

Source: NVD (National Vulnerability Database)

Vulnerability Description

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs, read audio-like files, and embed them base64-encoded into webchat responses.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenClaw 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.4.15之前版本存在路径遍历漏洞，该漏洞源于webchat音频嵌入助手未能应用本地媒体根目录包含检查，可能导致攻击者影响代理或工具生成的ReplyPayload.mediaUrl参数解析绝对本地路径或文件URL，读取音频类文件并将其base64编码嵌入webchat响应。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
OpenClaw	OpenClaw	0 ~ 2026.4.15	-

II. Public POCs for CVE-2026-44996

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-44996

请登录查看更多情报信息。

Patch · 1

Same Patch Batch · OpenClaw · 2026-05-11 · 18 CVEs total

CVE-2026-45223	8.8 HIGH	Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection
CVE-2026-45006	8.8 HIGH	OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass
CVE-2026-45004	7.8 HIGH	OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Direct
CVE-2026-44995	7.3 HIGH	OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables
CVE-2026-45001	7.1 HIGH	OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
CVE-2026-45224	7.1 HIGH	Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
CVE-2026-45005	6.0 MEDIUM	OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation
CVE-2026-44993	5.4 MEDIUM	OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions
CVE-2026-44998	5.4 MEDIUM	OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools
CVE-2026-45002	5.3 MEDIUM	OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping
CVE-2026-44999	5.3 MEDIUM	OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events
CVE-2026-44994	5.3 MEDIUM	OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoi
CVE-2026-45000	5.0 MEDIUM	OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation
CVE-2026-44992	5.0 MEDIUM	OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv
CVE-2026-45003	5.0 MEDIUM	OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files
CVE-2026-44997	4.3 MEDIUM	OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions
CVE-2026-44991	4.2 MEDIUM	OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channe

IV. Related Vulnerabilities

Same product: OpenClaw

Same vendor: OpenClaw

Same weakness: CWE-22

V. Comments for CVE-2026-44996

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-44996— OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-44996

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-44996

III. Intelligence Information for CVE-2026-44996

Same Patch Batch · OpenClaw · 2026-05-11 · 18 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-44996

Leave a comment