CVE-2026-27522

Description

## Impact `sendAttachment` and `setGroupIcon` message actions could hydrate media from local absolute paths when `sandboxRoot` was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered. ## Affected Packages / Versions - Package: `openclaw` (npm) - Latest published npm version at triage: `2026.2.23` - Vulnerable: `<= 2026.2.23` - Patched in code: `>= 2026.2.24` (planned next release) ## Remediation Upgrade to `openclaw` `2026.2.24` or later once published. ## Fix Commit(s) - 270ab03e379f9653e15f7033c9830399b66b7e51 ## Release Process Note `patched_versions` is pre-set to the planned next release (`>= 2026.2.24`). Once that npm release is published, this advisory can be published without further field edits. OpenClaw thanks @GCXWLP for reporting. ### Publication Update (2026-02-25) `[email protected]` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.

How to fix CVE-2026-27522

To remediate CVE-2026-27522, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.24 or later

Is CVE-2026-27522 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2026.2.24

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-27522
• PATCHgithub.com/openclaw/openclaw
• WEBgithub.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51
• WEBgithub.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm