GHSA-x9cf-3w63-rpq9: OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
When iMessage remote attachment fetching is enabled (channels.imessage.remoteHost), stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging.
If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the remote host can be staged.
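The mitigation for this class of bug is to accept a remote path only after normalizing it and confirming it resolves under an allowlisted attachment directory. The following is an added illustration, not OpenClaw's own code; the allowlisted root directory and the function name are constructed assumptions.

```typescript
import * as path from "node:path";

// Hypothetical allowlist of remote directories that iMessage attachments may be
// fetched from. The root below is an assumed example, not taken from OpenClaw.
const ALLOWED_REMOTE_ROOTS: readonly string[] = [
  "/Users/example/Library/Messages/Attachments",
];

interface PathCheck {
  ok: boolean;
  normalized?: string;
  reason?: string;
}

// Decide whether a remote attachment path may be staged via SCP.
// POSIX semantics are used because the remote host is a Unix-like machine.
function checkRemoteAttachmentPath(
  remotePath: string,
  roots: readonly string[] = ALLOWED_REMOTE_ROOTS,
): PathCheck {
  // Control characters have no place in an attachment path and could let the
  // value interfere with the SCP command line or with logging.
  if (/[\x00-\x1f\x7f]/.test(remotePath)) {
    return { ok: false, reason: "control character in path" };
  }
  if (!path.posix.isAbsolute(remotePath)) {
    return { ok: false, reason: "path must be absolute" };
  }
  // Collapse "." and ".." first so a traversal such as
  // /allowed/../../etc/passwd is judged by where it points, not by its prefix.
  const normalized = path.posix.normalize(remotePath);
  if (normalized.endsWith("/")) {
    return { ok: false, reason: "path names a directory, not a file" };
  }
  // Require a trailing separator on the root so "/Attachments" does not match
  // a sibling directory like "/AttachmentsEvil".
  const inRoot = roots.some((root) => {
    const r = path.posix.normalize(root).replace(/\/+$/, "");
    return normalized.startsWith(r + "/");
  });
  if (!inRoot) {
    return { ok: false, reason: "path is outside the attachment directories" };
  }
  // Caveat: symlinks on the remote host cannot be resolved locally, so this
  // check must be paired with a restricted remote account for full coverage.
  return { ok: true, normalized };
}
```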