Zero Day MonitorZDM

← Back to list

7.7

CVE-2026-35668EXPLOITEDPATCHED

openclaw · openclaw

OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters

Description

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.

Affected Products

Vendor	Product	Versions
openclaw	openclaw	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	openclaw	cert_advisory	90%

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg(third-party-advisory)
https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters(third-party-advisory)

Related News (2 articles)

Tier B

BSI Advisories5h ago

[NEU] [hoch] OpenClaw: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-35668 | OpenClaw up to 2026.3.23 Configuration Data fileUrl path traversal (GHSA-hr5v-j9h9-xjhg)

→ No new info (linked only)

CVSS 3.17.7 NONE

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

openclaw@2026.3.24

CWECWE-22

PublishedApr 10, 2026

Last enriched2d agov2

Trending Score58

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-25253EXPKEV

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

CRITICALCVE-2026-35647EXP

OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices

CRITICALCVE-2026-35663EXP

OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

CRITICALCVE-2026-35669EXP

OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

NONECVE-2026-35620EXP

OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 10, 2026

Discovered by ZDM

Apr 10, 2026

Updated: affectedVersions, severity, activelyExploited

Apr 10, 2026

Actively Exploited

Apr 10, 2026

Patch Available

Apr 10, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated affected versions to < 2026.3.23, changed severity to CRITICAL, and noted that the vulnerability is actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v13d ago

Initial creation