CVE-2026-32030

HIGH7.5EPSS 0.08%

OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia

發布日:2026/3/3修改日:2026/3/27

描述

### Summary When iMessage remote attachment fetching is enabled (`channels.imessage.remoteHost`), `stageSandboxMedia` accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the remote host can be staged. ### Affected Packages / Versions - Package: `openclaw` - Affected: up to and including `2026.2.17` (latest npm version as of February 19, 2026) - Fixed: pending next release with remote attachment path validation ### Impact Confidentiality impact. An attacker who can influence inbound attachment path metadata may disclose files readable by the OpenClaw process on the configured remote host. ### Attack Preconditions 1. iMessage attachments enabled (`channels.imessage.includeAttachments=true`), and 2. remote attachment mode active (`channels.imessage.remoteHost` configured or auto-detected), and 3. attacker can inject/tamper with attachment path metadata. Given these preconditions, this advisory is assessed as **medium** severity. ## Fix Commit(s) - `1316e5740382926e45a42097b4bfe0aef7d63e8e` ### Release Process Note `patched_versions` should be set to the next released npm version that includes remote attachment path validation, then the advisory can be published. ### Mitigation - Upgrade to the first release that includes remote attachment path validation. - If remote attachments are not required, disable iMessage attachment ingestion. - Run OpenClaw under least privilege on the remote host. OpenClaw thanks @zpbrent for reporting.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
osvCVSS 3.1HIGH7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(5)