GHSA-fqcm-97m6-w7rm: OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

March 2, 2026

sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered.

References

github.com/advisories/GHSA-fqcm-97m6-w7rm
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51
github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm

Code Behaviors & Features

Detect and mitigate GHSA-fqcm-97m6-w7rm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →