{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-43533/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.6,"id":"CVE-2026-43533"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["arbitrary file read","path traversal","CVE-2026-43533"],"_cs_type":"advisory","_cs_vendors":["openclaw"],"content_html":"\u003cp\u003eOpenClaw before version 2026.4.10 is susceptible to an arbitrary file read vulnerability (CVE-2026-43533) affecting the QQBot media tag functionality. This flaw enables an attacker to craft malicious reply text containing manipulated media tags that reference paths outside the intended media storage boundary, leading to the disclosure of arbitrary local files. Exploitation occurs through outbound media handling, potentially exposing sensitive information stored on the host system. This vulnerability allows unauthorized access to local files, which could include configuration files, user data, or other sensitive information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an OpenClaw instance running a version prior to 2026.4.10 with QQBot enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious message containing a QQBot media tag referencing a file path outside the intended media storage directory (e.g., using \u0026ldquo;../\u0026rdquo; sequences for path traversal).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious message to a user or bot connected to the vulnerable OpenClaw instance.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw instance parses the message and attempts to process the media tag.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the OpenClaw instance reads the file specified in the malicious media tag, regardless of its location on the filesystem.\u003c/li\u003e\n\u003cli\u003eThe contents of the file are then included in the outbound media handling process, potentially being sent to another user or external service.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the file contents, achieving arbitrary file read on the vulnerable system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-43533 allows an attacker to read arbitrary files on the system running the vulnerable OpenClaw instance. This could lead to the disclosure of sensitive information, such as configuration files, credentials, or user data. The vulnerability affects all installations of OpenClaw prior to version 2026.4.10 that have QQBot enabled. The impact is significant because an attacker can potentially gain complete control over the affected system by gaining access to sensitive configuration or credential files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.10 or later to patch CVE-2026-43533.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on QQBot media tags to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Path Traversal in OpenClaw QQBot Media Tags\u003c/code\u003e to identify exploitation attempts in your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T12:16:19Z","date_published":"2026-05-05T12:16:19Z","id":"/briefs/2026-05-openclaw-file-read/","summary":"OpenClaw before 2026.4.10 is vulnerable to an arbitrary file read via specially crafted QQBot media tags, allowing attackers to disclose local files through outbound media handling.","title":"OpenClaw Arbitrary File Read Vulnerability via QQBot Media Tags (CVE-2026-43533)","url":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-file-read/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-43533","version":"https://jsonfeed.org/version/1.1"}