CVE-2026-33581: OpenClaw's message tool media parameter bypasses tool policy filesystem isolation
The message tool accepted the mediaUrl and fileUrl parameter aliases without applying the sandbox localRoots validation that the canonical media parameter received, so a local path supplied under either alias could reference files outside the configured roots (arbitrary file read).
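The pattern behind this class of bug, shown as an added example rather than OpenClaw's own code: a parameter is validated under its canonical name, but aliases for the same value take a different branch and skip the check. The parameter names `media`, `mediaUrl` and `fileUrl` come from the advisory; the `SandboxConfig` shape, the `localRoots` check and all function names here are assumptions for illustration. The hardened form collapses every alias to one value before validation, which is the structural fix that makes it impossible for a new alias to be added later without inheriting the check.

```typescript
import * as path from "node:path";
import { fileURLToPath } from "node:url";

// Constructed example, not OpenClaw's code: a minimal message-tool parameter
// shape using the `media`, `mediaUrl` and `fileUrl` names from the advisory.
// The `SandboxConfig` shape and all function names are assumptions.
export interface MessageParams {
  media?: string;
  mediaUrl?: string;
  fileUrl?: string;
}

export interface SandboxConfig {
  localRoots: string[];
}

export type MediaResult =
  | { ok: true; ref: string | null }
  | { ok: false; reason: string };

// True when `p` resolves to a location inside one of the configured roots.
// A `path.relative` result that starts with ".." (or is absolute, which can
// happen across drives on Windows) means the resolved path escaped the root.
export function isWithinLocalRoots(p: string, roots: string[]): boolean {
  const resolved = path.resolve(p);
  return roots.some((root) => {
    const rel = path.relative(path.resolve(root), resolved);
    return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
  });
}

function isHttpUrl(ref: string): boolean {
  return /^https?:\/\//i.test(ref);
}

// Validate one reference: http(s) URLs are allowed through (they do not touch
// the local filesystem); file:// URLs and bare paths must resolve inside
// localRoots; a file URL that Node refuses to parse is rejected outright.
function validateRef(ref: string, sb: SandboxConfig): MediaResult {
  if (isHttpUrl(ref)) return { ok: true, ref };
  let local: string;
  try {
    local = /^file:\/\//i.test(ref) ? fileURLToPath(ref) : ref;
  } catch {
    return { ok: false, reason: "unparsable file URL" };
  }
  if (!isWithinLocalRoots(local, sb.localRoots)) {
    return { ok: false, reason: "media path outside sandbox localRoots" };
  }
  return { ok: true, ref };
}

// VULNERABLE pattern (illustrative): only the canonical `media` parameter is
// checked against localRoots; the aliases are passed through untouched.
export function resolveMediaVulnerable(params: MessageParams, sb: SandboxConfig): MediaResult {
  if (params.media !== undefined) return validateRef(params.media, sb);
  // Bug: a local path supplied via an alias never reaches validateRef.
  return { ok: true, ref: params.mediaUrl ?? params.fileUrl ?? null };
}

// HARDENED pattern: collapse every alias to one value first, then run the
// same validation regardless of which parameter name carried it.
export function resolveMediaHardened(params: MessageParams, sb: SandboxConfig): MediaResult {
  const ref = params.media ?? params.mediaUrl ?? params.fileUrl ?? null;
  return ref === null ? { ok: true, ref: null } : validateRef(ref, sb);
}
```

When auditing a tool schema for this bug, enumerate every property name the schema (or any loose argument coercion in front of it) maps onto the same underlying value, and confirm that the resolver reads the merged value, not the individual fields. The traversal case in the usage below (`/srv/openclaw/media/../../../etc/passwd`) is why the check must run on the resolved path rather than on a string prefix.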
References
- github.com/advisories/GHSA-v8wv-jg3q-qwpq
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416
- github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq
- nvd.nist.gov/vuln/detail/CVE-2026-33581
- www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters