CVSS 4.0 score (GHSA): 8.7
OpenClaw: Files outside sandbox root can be read from media
GHSA-7xmq-g46g-f8pv
Summary
OpenClaw's sandbox media handling has a time-of-check/time-of-use flaw that could let the software read files outside the intended sandbox root. It can be triggered when a user attaches media, such as an image, and could expose sensitive files on the host to the software. To fix this, update to version 2026.3.1 or later.
What to do
- Update openclaw to version 2026.3.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.1 | 2026.3.1 |
Original title
OpenClaw: Sandbox media TOCTOU could read files outside sandbox root
Original description
### Summary
Sandbox media handling had a time-of-check/time-of-use gap: media paths could be validated first and read later through a separate path. A symlink retarget between those steps could cause reads outside `sandboxRoot`.
### Impact
Affected versions could permit host file reads outside the intended sandbox root in media attachment/image flows.
### Fix
Media reads now use consolidated root-scoped, boundary-safe read paths at use time, removing check/use drift across call sites.
### Affected and Patched Versions
- Affected: `<= 2026.2.26`
- Patched: `2026.3.1`
Vulnerability type: CWE-59 (Link Following), CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026