CVE-2026-42424 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can…
Medium CVSS: 5.9

CVE-2026-42424

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.
Vendor
-
Product
-
CWE
CWE-73
Yayın Tarihi
2026-04-28 19:37:46
Güncelleme
2026-04-28 20:10:23
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-73 MEDIUM 2026

Referanslar

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5 https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths