7.2

OpenClaw: Files and Credentials Can Be Stolen by Malicious Apps

GHSA-57gh-m6rq-54cf
Summary

A security issue in OpenClaw allows malicious apps to read files and steal sensitive information, including login credentials. This issue affects versions of OpenClaw up to 2026.3.28. To fix it, update to version 2026.3.31 or later.

What to do
  • Update openclaw to version 2026.3.31.
Affected software
  • Vendor / product: openclaw
  • Affected versions: <= 2026.3.28
  • Fix available: 2026.3.31
Original title
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
Original description
## Summary
Media Local Roots Self-Whitelisting in `appendLocalMediaParentRoots` Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration

## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: v2026.3.28 still self-whitelists media parent dirs in src/media/local-roots.ts, but only after config already permits tool-fs root expansion, so the impact is narrower than the default-critical framing.
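The triage note above describes a self-whitelisting flaw: parent directories of model-supplied media paths are appended to the allowed local roots, so the input being checked can widen the allowlist that is supposed to constrain it (CWE-552). The following is an added illustration of that pattern written for this page; it is not OpenClaw's code, the function names, the `/srv/media` root and the credential path are constructed, and the real `appendLocalMediaParentRoots` in src/media/local-roots.ts is not reproduced.

```typescript
// Hypothetical illustration of allowlist self-widening; not OpenClaw's implementation.
import * as path from "node:path";

/** True when `target` resolves to the root itself or to a location inside one of `roots`. */
export function isUnderAllowedRoot(target: string, roots: readonly string[]): boolean {
  const resolved = path.resolve(target);
  return roots.some((root) => {
    const rel = path.relative(path.resolve(root), resolved);
    // "" means target === root; a leading ".." segment or an absolute result means outside.
    return rel === "" ||
      (rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel));
  });
}

/** Vulnerable shape: every proposed media path widens the allowlist to its own parent
 *  directory, so a path chosen by the model decides what the model may read. */
export function appendParentRootsUnchecked(roots: readonly string[], mediaPaths: readonly string[]): string[] {
  const out = [...roots];
  for (const p of mediaPaths) out.push(path.dirname(path.resolve(p)));
  return out;
}

/** Hardened shape: a parent directory is added only when the media path already lies
 *  inside an operator-configured root, so untrusted input cannot widen the allowlist. */
export function appendParentRootsChecked(roots: readonly string[], mediaPaths: readonly string[]): string[] {
  const out = [...roots];
  for (const p of mediaPaths) {
    if (!isUnderAllowedRoot(p, roots)) continue; // outside configured roots: do not widen
    out.push(path.dirname(path.resolve(p)));
  }
  return out;
}

/** Constructed scenario: the operator allows only /srv/media; the model proposes a file
 *  in a credentials directory. Returns whether a read of that file would pass the check. */
export function demo(variant: "unchecked" | "checked"): boolean {
  const configuredRoots = ["/srv/media"];
  const secret = "/home/user/.config/secret-app/credentials.json"; // constructed path
  const roots = variant === "unchecked"
    ? appendParentRootsUnchecked(configuredRoots, [secret])
    : appendParentRootsChecked(configuredRoots, [secret]);
  return isUnderAllowedRoot(secret, roots);
}
```

`demo("unchecked")` returns true (the credential file becomes readable) and `demo("checked")` returns false, which is the behaviour a fix for this class of bug must restore.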

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `1ca4261d7e055d0be141ed79ebb1365d0fbc7364` — 2026-03-30T17:15:03+01:00

OpenClaw thanks @tdjackey for reporting.
Severity (GHSA, CVSS 4.0): 7.2
Vulnerability type
CWE-552
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026