CVE-2026-43532

OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

CVSS 4.9 MEDIUMEPSS 0.3%CWE-184

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.9EPSS 0.3%KEV nãoPoC —Patch referenciado

Ciclo de vida

05 mai 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Produtos afetados

OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/openclaw/openclaw/commit/979c6f09d6fad96596feb91c905934be7e0b4f15 https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh https://www.vulncheck.com/advisories/openclaw-sandbox-media-normalization-bypass-via-discord-event-cover-image