Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.0%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-25475
  • Openclaw » Openclaw » Version: 0.1.0
    cpe:2.3:a:openclaw:openclaw:0.1.0
  • Openclaw » Openclaw » Version: 0.1.1
    cpe:2.3:a:openclaw:openclaw:0.1.1
  • Openclaw » Openclaw » Version: 0.1.2
    cpe:2.3:a:openclaw:openclaw:0.1.2
  • Openclaw » Openclaw » Version: 0.1.3
    cpe:2.3:a:openclaw:openclaw:0.1.3
  • Openclaw » Openclaw » Version: 1.0.4
    cpe:2.3:a:openclaw:openclaw:1.0.4
  • Openclaw » Openclaw » Version: 1.1.0
    cpe:2.3:a:openclaw:openclaw:1.1.0
  • Openclaw » Openclaw » Version: 1.2.0
    cpe:2.3:a:openclaw:openclaw:1.2.0
  • Openclaw » Openclaw » Version: 1.2.1
    cpe:2.3:a:openclaw:openclaw:1.2.1
  • Openclaw » Openclaw » Version: 1.2.2
    cpe:2.3:a:openclaw:openclaw:1.2.2
  • Openclaw » Openclaw » Version: 1.3.0
    cpe:2.3:a:openclaw:openclaw:1.3.0
  • Openclaw » Openclaw » Version: 2.0.0
    cpe:2.3:a:openclaw:openclaw:2.0.0
  • Openclaw » Openclaw » Version: 2026.1.10
    cpe:2.3:a:openclaw:openclaw:2026.1.10
  • Openclaw » Openclaw » Version: 2026.1.11
    cpe:2.3:a:openclaw:openclaw:2026.1.11
  • Openclaw » Openclaw » Version: 2026.1.11-1
    cpe:2.3:a:openclaw:openclaw:2026.1.11-1
  • Openclaw » Openclaw » Version: 2026.1.11-2
    cpe:2.3:a:openclaw:openclaw:2026.1.11-2
  • Openclaw » Openclaw » Version: 2026.1.11-3
    cpe:2.3:a:openclaw:openclaw:2026.1.11-3
  • Openclaw » Openclaw » Version: 2026.1.11-4
    cpe:2.3:a:openclaw:openclaw:2026.1.11-4
  • Openclaw » Openclaw » Version: 2026.1.12
    cpe:2.3:a:openclaw:openclaw:2026.1.12
  • Openclaw » Openclaw » Version: 2026.1.12-1
    cpe:2.3:a:openclaw:openclaw:2026.1.12-1
  • Openclaw » Openclaw » Version: 2026.1.12-2
    cpe:2.3:a:openclaw:openclaw:2026.1.12-2
  • Openclaw » Openclaw » Version: 2026.1.13
    cpe:2.3:a:openclaw:openclaw:2026.1.13
  • Openclaw » Openclaw » Version: 2026.1.14-1
    cpe:2.3:a:openclaw:openclaw:2026.1.14-1
  • Openclaw » Openclaw » Version: 2026.1.15
    cpe:2.3:a:openclaw:openclaw:2026.1.15
  • Openclaw » Openclaw » Version: 2026.1.16-1
    cpe:2.3:a:openclaw:openclaw:2026.1.16-1
  • Openclaw » Openclaw » Version: 2026.1.16-2
    cpe:2.3:a:openclaw:openclaw:2026.1.16-2
  • Openclaw » Openclaw » Version: 2026.1.20
    cpe:2.3:a:openclaw:openclaw:2026.1.20
  • Openclaw » Openclaw » Version: 2026.1.20-1
    cpe:2.3:a:openclaw:openclaw:2026.1.20-1
  • Openclaw » Openclaw » Version: 2026.1.20-2
    cpe:2.3:a:openclaw:openclaw:2026.1.20-2
  • Openclaw » Openclaw » Version: 2026.1.21
    cpe:2.3:a:openclaw:openclaw:2026.1.21
  • Openclaw » Openclaw » Version: 2026.1.21-1
    cpe:2.3:a:openclaw:openclaw:2026.1.21-1
  • Openclaw » Openclaw » Version: 2026.1.21-2
    cpe:2.3:a:openclaw:openclaw:2026.1.21-2
  • Openclaw » Openclaw » Version: 2026.1.22
    cpe:2.3:a:openclaw:openclaw:2026.1.22
  • Openclaw » Openclaw » Version: 2026.1.23
    cpe:2.3:a:openclaw:openclaw:2026.1.23
  • Openclaw » Openclaw » Version: 2026.1.23-1
    cpe:2.3:a:openclaw:openclaw:2026.1.23-1
  • Openclaw » Openclaw » Version: 2026.1.24
    cpe:2.3:a:openclaw:openclaw:2026.1.24
  • Openclaw » Openclaw » Version: 2026.1.24-1
    cpe:2.3:a:openclaw:openclaw:2026.1.24-1
  • Openclaw » Openclaw » Version: 2026.1.24-2
    cpe:2.3:a:openclaw:openclaw:2026.1.24-2
  • Openclaw » Openclaw » Version: 2026.1.24-3
    cpe:2.3:a:openclaw:openclaw:2026.1.24-3
  • Openclaw » Openclaw » Version: 2026.1.29
    cpe:2.3:a:openclaw:openclaw:2026.1.29
  • Openclaw » Openclaw » Version: 2026.1.4
    cpe:2.3:a:openclaw:openclaw:2026.1.4
  • Openclaw » Openclaw » Version: 2026.1.4-1
    cpe:2.3:a:openclaw:openclaw:2026.1.4-1
  • Openclaw » Openclaw » Version: 2026.1.5
    cpe:2.3:a:openclaw:openclaw:2026.1.5
  • Openclaw » Openclaw » Version: 2026.1.5-1
    cpe:2.3:a:openclaw:openclaw:2026.1.5-1
  • Openclaw » Openclaw » Version: 2026.1.5-2
    cpe:2.3:a:openclaw:openclaw:2026.1.5-2
  • Openclaw » Openclaw » Version: 2026.1.5-3
    cpe:2.3:a:openclaw:openclaw:2026.1.5-3
  • Openclaw » Openclaw » Version: 2026.1.8
    cpe:2.3:a:openclaw:openclaw:2026.1.8
  • Openclaw » Openclaw » Version: 2026.1.8-1
    cpe:2.3:a:openclaw:openclaw:2026.1.8-1
  • Openclaw » Openclaw » Version: 2026.1.8-2
    cpe:2.3:a:openclaw:openclaw:2026.1.8-2
  • Openclaw » Openclaw » Version: 2026.1.9
    cpe:2.3:a:openclaw:openclaw:2026.1.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved