UNKNOWN GHSA-f6pf-4gjx-c94r

OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Platform: nodejs

Component: openclaw

Fixed in: 2026.3.28

## Summary

OpenClaw <= 2026.3.24 Media Parsing Path Traversal to Arbitrary File Read

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.24`
- Patched versions: `>= 2026.3.28`
- First stable tag containing the fix: `v2026.3.28`

## Fix Commit(s)

- `4797bbc5b96e2cca5532e43b58915c051746fe37` — 2026-03-25T13:35:16-06:00

## Release Process Note

- The fix is already present in released version `2026.3.28`.

How to fix

Upgrade `openclaw` to version `2026.3.28` or later; the advisory states that the fix is already present in that release.
