CVE-2026-42438
Published: 05 May 2026
Description
OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to…
more
bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path.
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Periodic review and update of procedures reduces incorrect authorization implementations over time.
Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.
Defining permitted attribute values and auditing modifications reduces the chance of incorrect authorization outcomes due to tampered or missing labels.
The authorization process and usage restrictions help prevent incorrect authorization for remote access types.
Establishing configuration and connection requirements helps ensure correct rather than incorrect authorization for wireless access.
Establishing connection authorization processes for mobile devices helps ensure authorization decisions are correctly implemented rather than incorrect.
Monitoring account use, notifying on changes, and reviewing accounts for compliance corrects incorrect authorization assignments.
Ensures authorization decisions for external system use are correctly implemented and enforced.
Security SummaryAI
CVE-2026-42438 is a sender policy bypass vulnerability in the outbound host-media attachment read helper of OpenClaw versions 2026.4.9 before 2026.4.10. This flaw enables unauthorized local file disclosure by allowing attackers to circumvent sender and group-scoped authorization boundaries, specifically those enforced via toolsBySender or group policy. The issue is classified under CWE-863 (Incorrect Authorization) and carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), highlighting its potential for high-impact confidentiality violations.
Attackers with low privileges (PR:L) but denied read access through sender or group policies can exploit the vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By triggering host-media attachment loading, they bypass authorization checks and retrieve readable local files via the outbound media path, achieving high confidentiality impact (C:H) within a scoped attack surface (S:C).
Advisories recommend upgrading to OpenClaw version 2026.4.10 or later to mitigate the issue. The fixing commit is available at https://github.com/openclaw/openclaw/commit/c949af9fabf3873b5b7c484090cb5f5ab6049a98, with further details in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-jhpv-5j76-m56h and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-host-media-attachment-reads.
Details
- CWE(s)
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Network-accessible authorization bypass in public-facing OpenClaw component directly enables T1190 for exploitation and T1005 for unauthorized local file reads.