CVE-2026-43533

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,9

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.

Relative Path Traversal

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Based

View CWE Details

https://github.com/openclaw/openclaw/commit/604777e4414cc3b…

https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h

https://www.vulncheck.com/advisories/openclaw-arbitrary-loc…

https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqb…

CVE-2026-43533

Description

Relative Path Traversal

Common Consequences

Applicable Platforms

Iscriviti alla newsletter