CVE-2026-35658— OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35658
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.2之前版本存在安全漏洞,该漏洞源于图像工具未遵守tools.fs.workspaceOnly限制,可能导致攻击者遍历沙箱桥接挂载点以读取工作区外的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35658
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35658
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-04-10 · 29 CVEs total
| CVE-2026-35669 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope |
| CVE-2026-35643 | 8.8 HIGH | OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterfac |
| CVE-2026-35663 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim |
| CVE-2026-35666 | 8.8 HIGH | OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper |
| CVE-2026-35660 | 8.1 HIGH | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset |
| CVE-2026-35653 | 8.1 HIGH | OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request |
| CVE-2026-35641 | 7.8 HIGH | OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installati |
| CVE-2026-35668 | 7.7 HIGH | OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Par |
| CVE-2026-35650 | 7.5 HIGH | OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization |
| CVE-2026-35621 | 6.5 MEDIUM | OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence |
| CVE-2026-35649 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist |
| CVE-2026-35657 | 6.5 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route |
| CVE-2026-35656 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limi |
| CVE-2026-35652 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Unauthorized Action Execution via Callback Dispatch |
| CVE-2026-35667 | 6.1 MEDIUM | OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell |
| CVE-2026-35670 | 5.9 MEDIUM | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat |
| CVE-2026-35655 | 5.7 MEDIUM | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution |
| CVE-2026-35620 | 5.4 MEDIUM | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands |
| CVE-2026-35654 | 5.3 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke |
| CVE-2026-35661 | 5.3 MEDIUM | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-668
- CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41362
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache - CVE-2026-6830
Nesquena Hermes WebUI Environment Variable Credential Leakag - CVE-2026-32690
Apache Airflow: 3.x - Nested Variable Secret Values Bypass R
V. Comments for CVE-2026-35658
No comments yet