CVE-2026-29611
OpenClaw has a LFI in BlueBubbles media path handling
Description
### Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via `mediaPath` and could read arbitrary local files from disk before sending them as media attachments. ### Details When `sendBlueBubblesMedia` received a non-HTTP media source, the previous implementation resolved it to a local path and read it directly from disk. There was no required allowlist of safe directories, so values like `/etc/passwd` (or equivalent sensitive paths on other platforms) could be requested and exfiltrated. The fix hardens local media loading by requiring explicit configured roots (`channels.bluebubbles.mediaLocalRoots`) and by enforcing canonical-path containment checks before reading local files. Paths outside allowed roots are rejected. Fix PR: https://github.com/openclaw/openclaw/pull/16322 Fix commit: https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `< v2026.2.14` - Fixed: `>= v2026.2.14` (planned) ### Impact An attacker able to trigger BlueBubbles media sends could exfiltrate local files accessible to the OpenClaw process. ### Remediation Upgrade to a release that includes commit `71f357d9498cebb0efe016b0496d5fbe807539fc` and configure `channels.bluebubbles.mediaLocalRoots` to explicit trusted directories.
How to fix CVE-2026-29611
To remediate CVE-2026-29611, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.14 or later
Is CVE-2026-29611 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.14