"details": "### Summary\nWhen iMessage remote attachment fetching is enabled (`channels.imessage.remoteHost`), `stageSandboxMedia` accepted arbitrary absolute paths and used SCP to copy them into local staging.\n\nIf a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the remote host can be staged.\n\n### Affected Packages / Versions\n- Package: `openclaw`\n- Affected: up to and including `2026.2.17` (latest npm version as of February 19, 2026)\n- Fixed: pending next release with remote attachment path validation\n\n### Impact\nConfidentiality impact. An attacker who can influence inbound attachment path metadata may disclose files readable by the OpenClaw process on the configured remote host.\n\n### Attack Preconditions\n1. iMessage attachments enabled (`channels.imessage.includeAttachments=true`), and\n2. remote attachment mode active (`channels.imessage.remoteHost` configured or auto-detected), and\n3. attacker can inject/tamper with attachment path metadata.\n\nGiven these preconditions, this advisory is assessed as **medium** severity.\n\n\n## Fix Commit(s)\n- `1316e5740382926e45a42097b4bfe0aef7d63e8e`\n\n### Release Process Note\n`patched_versions` should be set to the next released npm version that includes remote attachment path validation, then the advisory can be published.\n\n### Mitigation\n- Upgrade to the first release that includes remote attachment path validation.\n- If remote attachments are not required, disable iMessage attachment ingestion.\n- Run OpenClaw under least privilege on the remote host.\n\nOpenClaw thanks @zpbrent for reporting.",