Medium severity6.5NVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026
CVE-2026-41370
CVE-2026-41370
Description
OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.