{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/local-file-inclusion/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["openclaw","local-file-inclusion","unc-path"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions 2026.4.7 through 2026.4.14 are vulnerable to a local-root containment bypass in the webchat media embedding feature. This flaw allows a malicious actor to craft a tool-result media reference with a local file path or UNC path that bypasses the intended \u003ccode\u003elocalRoots\u003c/code\u003e containment policy. The vulnerability resides in the handling of media paths during webchat media block preparation on the host side. Successful exploitation could lead to the disclosure of allowed host files or the exposure of network credentials on Windows systems. The issue was reported by @Kherrisan and patched in OpenClaw version 2026.4.15.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious tool-result that contains a media reference with a file path intended to bypass local-root containment (e.g., a path outside the allowed \u003ccode\u003elocalRoots\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe user interacts with the malicious tool-result within the OpenClaw webchat interface.\u003c/li\u003e\n\u003cli\u003eThe webchat media embedding functionality attempts to normalize the media reference.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the crafted file path bypasses the \u003ccode\u003elocalRoots\u003c/code\u003e containment check.\u003c/li\u003e\n\u003cli\u003eThe host system attempts to read the file from the specified path (either local or UNC).\u003c/li\u003e\n\u003cli\u003eIf successful, the file content is potentially exposed. On Windows, the system might attempt to access a UNC path, potentially exposing network credentials.\u003c/li\u003e\n\u003cli\u003eThe webchat media block is prepared with the (potentially exposed) file content.\u003c/li\u003e\n\u003cli\u003eAlthough the vulnerability is triggered host-side before the user sees the final rendered result, sensitive information could be leaked.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to the disclosure of sensitive files on the host system. On Windows systems, exploitation may result in the exposure of network credentials if a UNC path is accessed. While the severity is medium because exploitation depends on a tool-result media path reaching the webchat embedding path, the sink is a host-side file read before the user sees the rendered result. This impacts OpenClaw installations running versions 2026.4.7 through 2026.4.14.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.15 or later to patch the vulnerability. The fix hardens the webchat media path and shared media resolver, rejecting remote-host \u003ccode\u003efile://\u003c/code\u003e URLs and Windows network paths.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious OpenClaw UNC Path Access\u003c/code\u003e to identify attempts to access UNC paths via OpenClaw.\u003c/li\u003e\n\u003cli\u003eReview the code changes in commits \u003ccode\u003e1470de5d3e0970856d86cd99336bb8ada3fe87da\u003c/code\u003e, \u003ccode\u003e6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde\u003c/code\u003e, and \u003ccode\u003e52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc\u003c/code\u003e to understand the implemented security measures in version 2026.4.15.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T12:00:00Z","date_published":"2026-04-18T12:00:00Z","id":"/briefs/2026-04-openclaw-local-root-bypass/","summary":"A vulnerability in OpenClaw versions 2026.4.7 to before 2026.4.15 allows a crafted tool-result media reference to cause the host to attempt local file reads or Windows UNC/network path access, potentially disclosing files or network credentials.","title":"OpenClaw Webchat Media Embedding Local-Root Containment Bypass","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-local-root-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Local-File-Inclusion","version":"https://jsonfeed.org/version/1.1"}