CVE-2026-43533
Published: 05 May 2026
Summary
CVE-2026-43533 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates path traversal attacks by validating media tag inputs to ensure paths remain within the intended storage boundary.
Ensures timely remediation of the specific flaw through patching to OpenClaw 2026.4.10 or later, which strengthens media tag path validation.
Limits the impact of successful arbitrary file reads by enforcing least privilege on the OpenClaw process, restricting access to sensitive host files.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file read via crafted media tags in a public-facing OpenClaw service directly enables remote exploitation of the application (T1190) and collection of arbitrary local files/credentials (T1005).
NVD Description
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files…
more
through outbound media handling.
Deeper analysisAI
CVE-2026-43533 is an arbitrary file read vulnerability affecting OpenClaw versions prior to 2026.4.10, specifically in the QQBot media tags component. The flaw allows attackers to reference host-local paths outside the intended media storage boundary by crafting malicious reply text containing media tags, which leads to disclosure of arbitrary local files through outbound media handling. It has been assigned CWE-23 (Relative Path Traversal) and a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and significant confidentiality impact in a scoped context. The vulnerability was published on 2026-05-05.
Remote attackers without authentication can exploit this vulnerability by sending specially crafted reply text with malicious media tags to an affected OpenClaw instance. Successful exploitation enables the attacker to read arbitrary files on the host system, potentially exposing sensitive data such as configuration files, credentials, or other local resources accessible to the OpenClaw process.
Advisories from GitHub (GHSA-66r7-m7xm-v49h) and VulnCheck detail the issue, with a fixing commit (604777e4414cc3b2ff8861f18f4fb04374c702c6) available in the OpenClaw repository. Mitigation involves upgrading to OpenClaw 2026.4.10 or later, where the media tag path validation has been strengthened to prevent traversal outside the storage boundary.
Details
- CWE(s)