Skip to content
CVSS 7.7 · HIGH

CVE-2026-43532

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

Ver en NVD

Severidad

Puntaje: 7.7(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: NONE
A: NONE
Tipo de falla (CWE): CWE-184

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.0%
EPSS: 2026-05-06

Afecta

openclaw:openclaw

Descripción técnica

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

Publicada: 5/5/2026, 12:16:19
Última modificación: 7/5/2026, 1:54:05

Referencias

InicioEventosBlogRecursosEquipo