CVE-2026-43533

CVE-2026-43533 is an arbitrary file read vulnerability affecting OpenClaw versions prior to 2026.4.10, specifically in the QQBot media tags component. The flaw allows attackers to reference host-local paths outside the intended media storage boundary by crafting malicious reply text containing media tags, which leads to disclosure of arbitrary local files through outbound media handling. It has been assigned CWE-23 (Relative Path Traversal) and a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and significant confidentiality impact in a scoped context. The vulnerability was published on 2026-05-05.

Remote attackers without authentication can exploit this vulnerability by sending specially crafted reply text with malicious media tags to an affected OpenClaw instance. Successful exploitation enables the attacker to read arbitrary files on the host system, potentially exposing sensitive data such as configuration files, credentials, or other local resources accessible to the OpenClaw process.

Advisories from GitHub (GHSA-66r7-m7xm-v49h) and VulnCheck detail the issue, with a fixing commit (604777e4414cc3b2ff8861f18f4fb04374c702c6) available in the OpenClaw repository. Mitigation involves upgrading to OpenClaw 2026.4.10 or later, where the media tag path validation has been strengthened to prevent traversal outside the storage boundary.