Severity: 5.3 (CVSS 4.0, GHSA)

OpenClaw Allows Attackers to Inject Malicious Code in Images

GHSA-2ww6-868g-2c56
Summary

An HTML injection flaw in OpenClaw's HTML session exporter lets an attacker who can control image entries in session data (for example through crafted tool results) inject JavaScript that runs when the exported HTML file is opened in a browser. The exporter writes an image's `mimeType` into a `data:` URL inside an `<img src="...">` attribute without validating or escaping it, so a value containing a double quote closes the attribute and the remainder becomes attacker-chosen attributes such as an `onerror` handler. The fix validates the MIME type against an allowlist of known image types and substitutes `application/octet-stream` for anything else, so no attacker-controlled characters reach the attribute. Update your OpenClaw installation to a release that contains the fix.

What to do
  • Update openclaw to version 2026.2.23 (the fix version listed on this page) or later. The listed affected range (<= 2026.2.23) includes that same version, so confirm that your installed release actually contains the change from the fix PR linked below before treating it as patched.
Affected software
  Vendor / Product:   openclaw
  Affected versions:  <= 2026.2.23
  Fix available:      2026.2.23
Original title
OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation
Original description
## Summary

The HTML session exporter (`src/auto-reply/reply/export-html/template.js`) interpolates `img.mimeType` directly into `<img src="data:...">` attributes without validation or escaping. A crafted `mimeType` value (e.g., `x" onerror="alert(1)`) can break out of the attribute context and execute arbitrary JavaScript.

## Impact

An attacker who can control image entries in session data (via crafted tool results or session manipulation) can achieve XSS when the exported HTML is opened. The precondition is tighter than the main XSS finding (requires image content blocks with a malicious mimeType), but exploitation is straightforward.

## Affected components

- `src/auto-reply/reply/export-html/template.js` — line 1032 (tool result images), line 1306 (user message images)

## Reproduction

1. Craft a session entry with an image content block where `mimeType` is set to `image/png" onerror="alert(document.domain)`
2. Export the session to HTML
3. Open the exported HTML — the injected `onerror` fires

## Remediation

- Added `sanitizeImageMimeType()` helper that validates mimeType against a whitelist of known image MIME types
- Falls back to `application/octet-stream` for unrecognized values, preventing attribute breakout
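The following is an added example, not OpenClaw's code, that models the reproduction steps and the remediation above: a stand-in for the vulnerable interpolation, a hardened renderer built around a `sanitizeImageMimeType()` allowlist check with the `application/octet-stream` fallback the advisory describes, and a small check that tells whether an emitted `<img>` tag had its `src` attribute broken out of. The function names, the allowlist contents, the sample session entries and the breakout check are assumptions made for illustration.

```javascript
// Added example, not OpenClaw's code. Function names, the allowlist contents and the
// breakout check are assumptions for illustration, modelled on the advisory text.

// Constructed session image entries following the reproduction steps (not real captures).
const MALICIOUS_IMAGE = {
  mimeType: 'image/png" onerror="alert(document.domain)', // closes src, adds onerror
  data: "iVBORw0KGgo=",                                    // first PNG bytes, base64
};
const BENIGN_IMAGE = { mimeType: "image/png", data: "iVBORw0KGgo=" };

// Vulnerable pattern: mimeType is dropped straight into the data: URL. A double quote
// in it terminates the src attribute and everything after it becomes new attributes.
function renderImageVulnerable(img) {
  return `<img src="data:${img.mimeType};base64,${img.data}">`;
}

// Allowlist of MIME types the exporter is willing to emit (assumed list for this
// example, kept to common raster types).
const IMAGE_MIME_ALLOWLIST = new Set([
  "image/png",
  "image/jpeg",
  "image/gif",
  "image/webp",
  "image/bmp",
]);

// Hardened: normalise, check membership, and fall back to application/octet-stream for
// anything unrecognised, as the advisory says the fix does. Only values from the fixed
// set can reach the template, so no attacker-controlled character is interpolated.
function sanitizeImageMimeType(mimeType) {
  const m = String(mimeType ?? "").trim().toLowerCase();
  return IMAGE_MIME_ALLOWLIST.has(m) ? m : "application/octet-stream";
}

// The base64 payload is the other interpolated value; restrict it to the base64
// alphabet so it cannot carry a quote either, instead of trusting session data.
function sanitizeBase64(data) {
  const s = String(data ?? "");
  return /^[A-Za-z0-9+/=]*$/.test(s) ? s : "";
}

function renderImageHardened(img) {
  const mime = sanitizeImageMimeType(img.mimeType);
  const data = sanitizeBase64(img.data);
  return `<img src="data:${mime};base64,${data}">`;
}

// Audit check for an emitted <img> tag: true if anything follows the closing quote of
// src, i.e. the attribute context was broken out of. Handy when scanning old exports.
function hasAttributeBreakout(imgTag) {
  const m = /^<img src="([^"]*)"([^>]*)>$/.exec(imgTag);
  return m === null || m[2].length > 0;
}
```

Running `renderImageVulnerable(MALICIOUS_IMAGE)` yields a tag with a second `onerror` attribute, which `hasAttributeBreakout` flags; `renderImageHardened` on the same entry emits `data:application/octet-stream;base64,...`, which the browser simply fails to render with no handler to fire. The allowlist-plus-fallback shape is preferable to escaping alone because the value is then constrained to a known set rather than merely made inert in one attribute context.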

## Fix

https://github.com/openclaw/openclaw/pull/24140
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026