wid-sec-w-2026-0856 · Published 2026-03-24 · View on BSI CERT-Bund ↗

OpenClaw: Multiple Vulnerabilities

CVSS 8.7 HIGH

Risk Summary

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended access restrictions.

CVEs (14)

CVE-2026-34510 CVE-2026-35618 CVE-2026-35622 CVE-2026-35624 CVE-2026-35626 CVE-2026-35627 CVE-2026-35631 CVE-2026-35633 CVE-2026-35634 CVE-2026-35635 CVE-2026-35637 CVE-2026-35638 CVE-2026-35639 CVE-2026-35644

Affected Vendors

Open Source

Affected Products (2)

Open Source · OpenClaw <2026.3.22

Open Source · OpenClaw 2026.3.22

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more