CVE-2026-27522

描述

## Impact `sendAttachment` and `setGroupIcon` message actions could hydrate media from local absolute paths when `sandboxRoot` was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered. ## Affected Packages / Versions - Package: `openclaw` (npm) - Latest published npm version at triage: `2026.2.23` - Vulnerable: `<= 2026.2.23` - Patched in code: `>= 2026.2.24` (planned next release) ## Remediation Upgrade to `openclaw` `2026.2.24` or later once published. ## Fix Commit(s) - 270ab03e379f9653e15f7033c9830399b66b7e51 ## Release Process Note `patched_versions` is pre-set to the planned next release (`>= 2026.2.24`). Once that npm release is published, this advisory can be published without further field edits. OpenClaw thanks @GCXWLP for reporting. ### Publication Update (2026-02-25) `[email protected]` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.

受影響套件(1)

• npm/openclawfrom 0, < 2026.2.24

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-27522
• PATCHhttps://github.com/openclaw/openclaw
• WEBhttps://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51
• WEBhttps://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm
• WEBhttps://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions