![[openclaw] OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset](/assets/images/github_com_1772501083430.png)
Security Advisories์ถ์ฒ: GitHub Security Advisories์กฐํ์ 1
[openclaw] OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
By GitHub2026๋
3์ 3์ผ
**[openclaw] OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset**
Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered. Affected Packages / Versions Package: openclaw (npm) Latest published npm version at triage: 2026.2.23 Vulnerable: <= 2026.2.23 Patched in code: >= 2026.2.24 (planned next release) Remediation Upgrade to openclaw 2026.2.24 or later once published. Fix Commit(s) 270ab03e379f9653e15f7033c9830399b66b7e51 Release Process Note patched_versions is pre-set to the planned next release (>= 2026.2.24). Once that npm release is published, this advisory can be published without further field edits...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.
Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was triggered. Affected Packages / Versions Package: openclaw (npm) Latest published npm version at triage: 2026.2.23 Vulnerable: <= 2026.2.23 Patched in code: >= 2026.2.24 (planned next release) Remediation Upgrade to openclaw 2026.2.24 or later once published. Fix Commit(s) 270ab03e379f9653e15f7033c9830399b66b7e51 Release Process Note patched_versions is pre-set to the planned next release (>= 2026.2.24). Once that npm release is published, this advisory can be published without further field edits...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.