GHSA-gfg9-5357-hv4c: OpenClaw: Webchat audio embedding could read local files without local-root containment
Summary
OpenClaw versions before 2026.4.15 contained a security flaw: the webchat audio embedding feature read local files from the host without applying the local-root containment check that protects the other file-serving paths. An attacker who could control the output of an agent or tool could therefore cause audio files from the host filesystem to be embedded in chat responses, bypassing the containment restrictions enforced elsewhere.
Solution / Mitigation
Upgrade to OpenClaw version 2026.4.15 or later (the latest public release, 2026.4.21, also contains the fix). The fix adds the local media root containment check to the webchat audio path by calling `assertLocalMediaAllowed` before any local audio content is read. An additional `trustedLocalMedia` gate was added so that untrusted model or tool output cannot trigger local audio embedding at all.
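The two controls described above, as an added illustration that is not OpenClaw's code: a containment check that refuses any path resolving outside a configured media root, and a trust gate that refuses local embedding unless the caller is marked trusted. `LOCAL_MEDIA_ROOT`, `resolveAudioForEmbedding` and the option names are assumptions for this example.

```typescript
import * as path from "node:path";

// Constructed configuration for the example: the only directory from which
// local audio may be embedded (not OpenClaw's actual setting or value).
const LOCAL_MEDIA_ROOT = "/srv/openclaw/media";
const p = path.posix; // fixed separator so results are platform-independent

class LocalMediaError extends Error {}

// Hypothetical containment check. Resolves the requested path against the
// media root and rejects anything that lands outside it, including "../"
// traversal and absolute paths elsewhere on the host. A production version
// should additionally canonicalise with fs.realpathSync so that a symlink
// inside the root cannot point back out of it.
function assertLocalMediaAllowed(requested: string, root: string = LOCAL_MEDIA_ROOT): string {
  const rootAbs = p.resolve(root);
  const target = p.resolve(rootAbs, requested);
  const rel = p.relative(rootAbs, target);
  // "" means the root itself; ".." or "../..." means an escape. A file named
  // "..clip.mp3" is fine, so compare on whole path segments, not a prefix.
  if (rel === "" || rel === ".." || rel.startsWith("..".concat(p.sep))) {
    throw new LocalMediaError(`local media path escapes media root: ${requested}`);
  }
  return target;
}

// Hypothetical embedding gate. Model or tool output is untrusted by default,
// so unless the caller explicitly marks the request as trusted no local file
// is read at all; trusted requests still pass through containment.
function resolveAudioForEmbedding(
  requested: string,
  opts: { trustedLocalMedia?: boolean; root?: string } = {},
): string {
  if (!opts.trustedLocalMedia) {
    throw new LocalMediaError("local audio embedding requires trustedLocalMedia");
  }
  return assertLocalMediaAllowed(requested, opts.root);
}
```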
Original source: https://github.com/advisories/GHSA-gfg9-5357-hv4c
First tracked: April 29, 2026 at 08:00 PM