{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/normalization-bypass/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-43532"}],"_cs_exploited":false,"_cs_products":["OpenClaw (\u003e= 2026.4.7, \u003c 2026.4.10)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","normalization bypass","sandbox escape"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eOpenClaw versions 2026.4.7 through 2026.4.9 are vulnerable to a sandbox media normalization bypass. This vulnerability occurs due to a failure to properly normalize Discord event cover image parameters during media processing. An attacker can exploit this flaw to inject arbitrary host-local media references into channel action paths. This can potentially lead to unauthorized access to sensitive data or execution of arbitrary code within the context of the OpenClaw application. The vulnerability was reported on May 5, 2026, and affects versions prior to 2026.4.10.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Discord event containing a specially crafted cover image parameter.\u003c/li\u003e\n\u003cli\u003eThe malicious event is submitted to the OpenClaw application.\u003c/li\u003e\n\u003cli\u003eOpenClaw\u0026rsquo;s media processing component fails to properly normalize the cover image parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s crafted host-local media reference is injected into a channel action path.\u003c/li\u003e\n\u003cli\u003eThe application attempts to access the attacker-specified local resource.\u003c/li\u003e\n\u003cli\u003eDepending on the permissions and context of the OpenClaw application, the attacker may be able to read local files or trigger other actions.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information or achieves code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to read arbitrary files from the OpenClaw server or potentially achieve remote code execution within the application\u0026rsquo;s context. The severity is high because the attacker can leverage the application\u0026rsquo;s trust in normalized media to perform actions outside the intended scope.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.10 or later to patch CVE-2026-43532.\u003c/li\u003e\n\u003cli\u003eMonitor OpenClaw logs for any attempts to access unusual or unexpected file paths.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T12:16:19Z","date_published":"2026-05-05T12:16:19Z","id":"/briefs/2026-05-openclaw-media-bypass/","summary":"OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing, allowing attackers to bypass media normalization and inject host-local media references into channel action paths expecting normalized media.","title":"OpenClaw Sandbox Media Normalization Bypass via Discord Event Cover Image","url":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-media-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Normalization Bypass","version":"https://jsonfeed.org/version/1.1"}