top of page
perceptive_background_267k.jpg

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media norma…

Published:

4 May 2026 at 22:00:00

Alert date:

5 May 2026 at 20:13:49

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Email & Messaging

OpenClaw versions 2026.4.7 before 2026.4.10 contain a vulnerability where Discord event cover image parameters fail to be properly normalized during sandbox media processing. This flaw allows attackers to bypass media normalization controls and inject host-local media references into channel action paths that expect normalized media. The vulnerability affects the application's ability to safely process Discord event cover images within its sandboxed environment. Successful exploitation could lead to unauthorized access to local media resources. The issue has been addressed in version 2026.4.10 and later releases.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-43532
https://github.com/openclaw/openclaw/commit/979c6f09d6fad96596feb91c905934be7e0b4f15
https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh
https://www.vulncheck.com/advisories/openclaw-sandbox-media-normalization-bypass-via-discord-event-cover-image

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page