GHSA-hr5v-j9h9-xjhg: OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)
Summary
OpenClaw has a path traversal vulnerability (CWE-22, a type of attack where an attacker uses special characters like ../ to access files outside their intended directory) that allows sandboxed agents to read files from other agents' workspaces. The vulnerability exists because the sandbox validation function only checks certain parameter keys (media, path, filePath) but misses mediaUrl and fileUrl, which are actually used by messaging extensions. Additionally, a separate function fails to pass the sandbox root restrictions to plugins, allowing them to read the entire ~/.openclaw/ directory instead of just an individual agent's folder.
Solution / Mitigation
Fixed in OpenClaw 2026.3.24, the current shipping release.
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-hr5v-j9h9-xjhg
First tracked: March 30, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%