exploitDog

CVE-2026-25475

Опубликовано: 04 фев. 2026

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.

Ссылки

https://github.com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq

EPSS

Процентиль: 52%

0.00287

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-r8g4-86fx-92mq

CVSS3: 6.5

github

3 дня назад

OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

EPSS

Процентиль: 52%

0.00287

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22