CVE-2026-34510

Summary

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended access restrictions.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.3.22affected
OpenClawOpenClaw2026.3.22unaffected

Weaknesses

  • CWE-41: CWE-41: Improper Resolution of Path Equivalence

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References