CNNVD-202602-583 Information

CNNVD ID

CNNVD-202602-583

Related CVE

CVE-2026-25475

• CNNVD Published: 2026-02-04

Description (Chinese)

OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.1.30之前版本存在信息泄露漏洞，该漏洞源于isValidMedia函数允许任意文件路径，可能导致读取任意文件和敏感数据泄露。

Description (English)

OpenClaw is an intellectual assistant at the OpenClaw Open Source. There is a leak in the pre-OpenClaw 2026.1.30 version, which stems from the fact that the IsValidMedia function allows for any file path that may lead to the readout of any document and sensitive data.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

openclaw

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq

Patch

https://openclaw.ai/