Threat Feed
high advisory

OpenClaw Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions from 2026.4.7 up to, but not including, 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing, allowing attackers to bypass media normalization and inject host-local media references into channel action paths that expect normalized media.

OpenClaw versions 2026.4.7 through 2026.4.9 are vulnerable to a sandbox media normalization bypass. This vulnerability occurs due to a failure to properly normalize Discord event cover image parameters during media processing. An attacker can exploit this flaw to inject arbitrary host-local media references into channel action paths. This can potentially lead to unauthorized access to sensitive data or execution of arbitrary code within the context of the OpenClaw application. The vulnerability was reported on May 5, 2026, and affects versions prior to 2026.4.10.

Attack Chain

  1. An attacker crafts a malicious Discord event containing a specially crafted cover image parameter.
  2. The malicious event is submitted to the OpenClaw application.
  3. OpenClaw’s media processing component fails to properly normalize the cover image parameter.
  4. The attacker’s crafted host-local media reference is injected into a channel action path.
  5. The application attempts to access the attacker-specified local resource.
  6. Depending on the permissions and context of the OpenClaw application, the attacker may be able to read local files or trigger other actions.
  7. The attacker gains unauthorized access to sensitive information or achieves code execution.

Impact

Successful exploitation of this vulnerability could allow an attacker to read arbitrary files from the OpenClaw server or potentially achieve remote code execution within the application’s context. The severity is high because the attacker can leverage the application’s trust in normalized media to perform actions outside the intended scope.

Recommendation

  • Upgrade OpenClaw to version 2026.4.10 or later to patch CVE-2026-43532.
  • Monitor OpenClaw logs for any attempts to access unusual or unexpected file paths.
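The defensive side of the flaw described above comes down to two controls: a media reference must be normalized into a known-safe form before it reaches a channel action path, and references that were never normalized should stand out in the logs. The following is an added example written for this advisory; it is not OpenClaw's code, and the sandbox root path, the log line format and the sample log lines are all constructed assumptions. It accepts only remote http(s) URLs or relative paths that stay inside the sandbox media directory, rejects host-local forms (file:// and similar schemes, absolute or drive-rooted paths, plain and percent-encoded traversal), and reuses the same check to flag suspicious references in a log excerpt, which is the monitoring the second recommendation asks for.

```python
"""Added defensive example (not OpenClaw's code): normalize an inbound media
reference before it reaches a channel action path, and scan access logs for
host-local media references that were never normalized."""
from __future__ import annotations

import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

# Hypothetical sandbox root where normalized media is expected to live.
SANDBOX_MEDIA_ROOT = PurePosixPath("/var/lib/openclaw/sandbox/media")
ALLOWED_REMOTE_SCHEMES = {"http", "https"}


class MediaReferenceError(ValueError):
    """Raised when a media reference is not a normalized, sandbox-safe value."""


def _resolve_inside_root(rel: str) -> PurePosixPath | None:
    """Collapse '.' and '..' segments; return None if the path escapes the root."""
    stack: list[str] = []
    for part in PurePosixPath(rel.replace("\\", "/")).parts:
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                return None  # would climb above SANDBOX_MEDIA_ROOT
            stack.pop()
        else:
            stack.append(part)
    return SANDBOX_MEDIA_ROOT.joinpath(*stack)


def normalize_media_reference(ref: str) -> str:
    """Return a normalized media reference or raise MediaReferenceError.

    Accepted: http(s) URLs with a non-empty host, and relative paths that
    resolve inside SANDBOX_MEDIA_ROOT. Everything else (file:// and other
    local schemes, absolute or drive-rooted paths, traversal, NUL bytes) is
    rejected rather than passed on to a channel action.
    """
    ref = ref.strip()
    if not ref or "\x00" in ref:
        raise MediaReferenceError("empty or NUL-containing reference")

    parsed = urlparse(ref)
    if parsed.scheme:
        if parsed.scheme.lower() in ALLOWED_REMOTE_SCHEMES and parsed.netloc:
            return ref
        raise MediaReferenceError(f"disallowed scheme: {parsed.scheme!r}")

    # No scheme: treat as a path. Decode first so %2e%2e cannot hide '..'.
    decoded = unquote(ref)
    if decoded.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:[\\/]", decoded):
        raise MediaReferenceError("absolute or drive-rooted path")
    resolved = _resolve_inside_root(decoded)
    if resolved is None:
        raise MediaReferenceError("path escapes sandbox media root")
    return str(resolved)


def is_normalized(ref: str) -> bool:
    """True if the reference passes normalization, False otherwise."""
    try:
        normalize_media_reference(ref)
    except MediaReferenceError:
        return False
    return True


# Constructed sample log lines (not real OpenClaw output), one event per line.
SAMPLE_LOG = """\
2026-05-05T10:00:01Z media.fetch channel=discord action=event_cover ref=https://cdn.discordapp.com/x/cover.png
2026-05-05T10:00:02Z media.fetch channel=discord action=event_cover ref=file:///etc/passwd
2026-05-05T10:00:03Z media.fetch channel=discord action=event_cover ref=../../../../etc/shadow
2026-05-05T10:00:04Z media.fetch channel=discord action=event_cover ref=covers/spring.png
"""

LOG_REF_RE = re.compile(r"\bref=(?P<ref>\S+)")


def find_suspicious_media_refs(log_text: str) -> list[tuple[str, str]]:
    """Return (reference, reason) pairs for log lines whose ref would fail
    normalization, i.e. host-local or traversal references reaching media code."""
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        match = LOG_REF_RE.search(line)
        if not match:
            continue
        ref = match.group("ref")
        try:
            normalize_media_reference(ref)
        except MediaReferenceError as exc:
            hits.append((ref, str(exc)))
    return hits


if __name__ == "__main__":
    for ref, reason in find_suspicious_media_refs(SAMPLE_LOG):
        print(f"SUSPICIOUS {ref} ({reason})")
```

Run on the constructed log, the scanner flags the file:// reference and the traversal attempt while letting the remote URL and the in-sandbox relative path through; the same `normalize_media_reference` function is what a channel action path would call before touching any media, so the validation and the detection cannot drift apart.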

Detection coverage (2 rules)

Detect OpenClaw Media Normalization Bypass Attempt

high

Detects attempts to exploit the OpenClaw media normalization bypass vulnerability by monitoring for suspicious file access patterns.

Rule format: sigma | Tactics: defense_evasion | Techniques: T1068 | Sources: file_event, linux

Detect OpenClaw Suspicious Local Media Reference

medium

Detects attempts to inject host-local media references into channel action paths.

Rule format: sigma | Tactics: defense_evasion | Techniques: T1068 | Sources: webserver, linux

Detection queries are kept inside the platform.