Platform
nodejs
Component
openclaw
Fixed in
2026.2.15
2026.2.14
CVE-2026-26321 describes a Local File Inclusion (LFI) vulnerability in the OpenClaw Node.js extension. The extension treated attacker-controlled mediaUrl values as local filesystem paths, so anyone who can influence a tool call (for example through prompt injection) can make it read sensitive files directly. Versions prior to 2026.2.14 are affected; version 2026.2.14 and later contain the fix.
The primary impact of CVE-2026-26321 is unauthorized read access to sensitive local files. An attacker who can influence tool calls within the OpenClaw extension can supply a mediaUrl value that points at a critical file on the host, such as /etc/passwd, configuration files, or anything else the extension's process can read. Successful exploitation can therefore leak credentials, configuration details, or other confidential data. The blast radius is limited to the system on which the OpenClaw extension runs, but leaked credentials can enable lateral movement within the network.
CVE-2026-26321 was publicly disclosed on February 17, 2026. There is currently no indication of active exploitation and no KEV listing. No public proof-of-concept (PoC) is known, but an LFI of this kind is straightforward to reproduce once the vulnerable code path is known. The EPSS score at the time of writing is 0.03% (7th percentile), i.e. low; it reflects the absence of observed exploitation, not the difficulty of exploiting the flaw.
Applications and systems that use the OpenClaw Node.js extension are at risk, particularly where the extension processes user-supplied or model-generated input without adequate validation, i.e. where prompt injection can reach the mediaUrl parameter of a tool call. This includes environments in which the extension handles user-supplied data or interacts with external services.
• nodejs / supply-chain: npm list openclaw  # shows the installed version; anything below 2026.2.14 is affected
• nodejs / supply-chain: npm audit  # checks the whole dependency tree against the advisory database
• generic web: curl -I 'http://your-application/sendMediaFeishu'  # check whether the endpoint is exposed
Disclosure
Exploit status
EPSS
0.03% (7th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2026-26321 is to upgrade the OpenClaw extension immediately to version 2026.2.14 or a later patched version. The update removes the direct local file reads from the vulnerable path and routes media loading through hardened handlers, which closes the LFI. If an immediate upgrade is not feasible because of compatibility constraints or breaking changes, check the OpenClaw documentation for configuration workarounds, restrict the mediaUrl values the extension accepts with strict input validation until the upgrade is done, and monitor system logs for unexpected file access or media-loading activity.
Upgrade OpenClaw to version 2026.2.14 or later. This version fixes the local file disclosure vulnerability by restricting direct access to local files and using hardened helpers for media loading.
CVE-2026-26321 is a Local File Inclusion vulnerability in the OpenClaw Node.js extension, allowing attackers to read local files via manipulated media URLs.
You are affected if you use an OpenClaw version prior to 2026.2.14 and an attacker can influence the mediaUrl value, for example through prompt injection or because the extension receives the value without adequate input validation.
Upgrade OpenClaw to version 2026.2.14 or later. Until the upgrade is in place, apply strict input validation to the mediaUrl parameter as a temporary workaround.
Currently, there is no confirmed active exploitation of CVE-2026-26321, but the vulnerability's nature warrants immediate attention.
Refer to the official OpenClaw project documentation and security advisories for the latest information and updates regarding CVE-2026-26321.