Arbitrary-File-Read — CraftedSignal Threat Feed

Salon Booking System WordPress Plugin Arbitrary File Read Vulnerability

hello@craftedsignal.io — Sat, 02 May 2026 12:16:16 +0000

The Salon Booking System – Free Version plugin for WordPress, versions up to and including 10.30.25, contains an arbitrary file read vulnerability. This flaw stems from the plugin’s public booking flow, where it accepts attacker-controlled file-field values. These values are subsequently used as trusted paths when creating email attachments for booking confirmations. This allows an unauthenticated attacker to supply a path to any file accessible to the web server, triggering its inclusion as an attachment in the booking confirmation email, effectively enabling arbitrary file exfiltration. Exploitation requires no authentication and can be triggered remotely.

Attack Chain

An unauthenticated attacker accesses the public booking form of a WordPress site running the vulnerable Salon Booking System plugin.
The attacker crafts a malicious request to the booking form, injecting a file path (e.g., /etc/passwd) into a file-field parameter.
The plugin processes the booking request and stores the attacker-supplied file path.
The plugin generates a booking confirmation email.
The plugin uses the stored, attacker-controlled file path to attach the specified file to the confirmation email.
The booking confirmation email, now containing the arbitrary file as an attachment, is sent to the user who initiated the booking (which could be the attacker or an unwitting third party).
The attacker retrieves the email (if sent to the attacker) or intercepts it (if sent to a third party) and extracts the attached file.
The attacker gains unauthorized access to the contents of the exfiltrated file.

Impact

Successful exploitation of this vulnerability allows unauthenticated attackers to read arbitrary files from the affected WordPress server. This could lead to the disclosure of sensitive information, such as configuration files, database credentials, or other confidential data. The vulnerability affects versions of the Salon Booking System plugin up to and including 10.30.25. The number of affected WordPress installations is unknown, but could be substantial given the plugin’s popularity.

Recommendation

Upgrade the Salon Booking System plugin to the latest version to patch CVE-2026-6320.
Monitor web server logs (category webserver, product linux) for suspicious requests containing absolute or relative file paths in file-field parameters, using a detection rule similar to the ones provided below.
Implement strict input validation and sanitization for all user-supplied data, especially file paths.
Review and restrict file system permissions to limit the files accessible to the web server process.

OpenClaw Arbitrary File Read and Credential Exfiltration Vulnerability

hello@craftedsignal.io — Fri, 03 Apr 2026 02:53:58 +0000

The openclaw npm package, versions 2026.3.28 and earlier, contains a vulnerability related to media local roots self-whitelisting in the appendLocalMediaParentRoots function. This flaw enables a malicious model to initiate arbitrary file reads on the host system. While the tool-fs root expansion requires prior configuration, the vulnerability can still be exploited, resulting in a narrower impact than a default-critical scenario. The vulnerability was reported by @tdjackey and patched in version 2026.3.31. Defenders should ensure they are running version 2026.3.31 or later of the openclaw package to mitigate the risk of arbitrary file read and potential credential exfiltration.

Attack Chain

A malicious actor crafts or modifies an existing OpenClaw model.
The model includes instructions to trigger the appendLocalMediaParentRoots function within the src/media/local-roots.ts file.
Due to the self-whitelisting behavior, the function expands the allowed media parent directories, potentially including sensitive system directories.
The model leverages the expanded directory access to request the reading of arbitrary files on the host system.
The openclaw application processes the model’s file read request without proper validation due to the bypassed whitelisting.
Sensitive files, such as configuration files or credential stores, are read by the application.
The extracted data, including credentials, are then potentially exfiltrated by the malicious model.
The attacker gains unauthorized access to sensitive data or systems.

Impact

Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the host system where the openclaw application is running. This can lead to the exfiltration of sensitive information, including credentials, API keys, or other confidential data. While the exact number of affected installations is unknown, any system running a vulnerable version of the openclaw package (<=2026.3.28) is susceptible. The impact is narrowed because the tool-fs root expansion requires prior configuration.

Recommendation

Upgrade the openclaw npm package to version 2026.3.31 or later to remediate the vulnerability (reference: Affected Packages / Versions).
Implement input validation and sanitization to prevent arbitrary file paths from being processed by the appendLocalMediaParentRoots function (reference: src/media/local-roots.ts).
Deploy the Sigma rule to detect attempts to access sensitive files via the openclaw application (reference: Sigma rule below).
Review and restrict the tool-fs root expansion configuration to minimize the impact of potential exploitation (reference: Current Maintainer Triage).

i18next-fs-backend Path Traversal Vulnerability

hello@craftedsignal.io — Thu, 25 Jan 2024 12:00:00 +0000

The i18next-fs-backend library, a file system backend for the i18next internationalization framework, is vulnerable to a path traversal attack in versions prior to 2.6.4. This vulnerability arises from the unsanitized use of the lng (language) and ns (namespace) parameters when constructing file paths for loading and writing locale files. If an application exposes the language code to user input, an attacker can craft a malicious lng or ns value containing directory traversal sequences (e.g., ../) to escape the intended locale directory. Successful exploitation can lead to arbitrary file read, arbitrary file overwrite, and, if .js or .ts files are used for localization, arbitrary code execution. This vulnerability highlights the importance of input validation, especially when constructing file paths from user-controlled data. The vulnerability was patched in version 2.6.4.

Attack Chain

An attacker identifies an application using a vulnerable version of i18next-fs-backend (versions prior to 2.6.4) and exposes the language code to user input via query parameters (e.g., ?lng=), cookies, or request headers.
The attacker crafts a malicious lng value containing directory traversal sequences, such as ../../../../etc, to target sensitive files outside the intended locale directory.
The attacker sends a request to the application with the crafted lng parameter.
The application passes the unsanitized lng value to the i18next.t() function.
The i18next-fs-backend library interpolates the malicious lng value into the loadPath configuration option, without proper validation. For example, loadPath: '/locales/{{lng}}/{{ns}}.json' becomes /locales/../../../../etc/{{ns}}.json.
The backend attempts to read the file specified by the crafted path (e.g., /etc/passwd).
If successful, the contents of the targeted file are returned as a translation resource, potentially exposing sensitive information. If the attacker crafted the lng or ns value to point to a .js or .ts file containing malicious code, the backend will execute the file using eval(), leading to arbitrary code execution on the server.
Alternatively, if the application attempts to write a missing translation key using the crafted path (via addPath), the attacker could overwrite arbitrary files on the system, potentially leading to application compromise.

Impact

Successful exploitation of this vulnerability can have severe consequences. Arbitrary file read allows attackers to access sensitive data, such as configuration files, database credentials, or application source code. Arbitrary file overwrite can lead to application malfunction or complete compromise. If the application uses .js or .ts files for localization and the attacker is able to inject malicious code into those files through path traversal, arbitrary code execution can result, potentially allowing the attacker to gain full control of the server. The number of victims depends on the popularity and configuration of applications using the vulnerable i18next-fs-backend library.

Recommendation

Upgrade to i18next-fs-backend version 2.6.4 or later to patch the path traversal vulnerability as this version introduces the isSafePathSegment and interpolatePath functions to sanitize the path.
If upgrading is not immediately feasible, sanitize the lng and ns values at the application boundary before passing them to i18next. Reject values containing .., /, \, control characters, and limit the length to prevent path traversal as mentioned in the advisory.
If using .js or .ts locale files, carefully review them for any suspicious or unexpected code. The advisory highlights that these files must be treated as trusted code.
Monitor web server logs for suspicious requests containing directory traversal sequences in the lng or ns parameters. Deploy the first Sigma rule for this purpose.