CVE-2026-42424
Published
CVSS v3
5.7
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub