VYPR
High severity (CVSS 7.7) · GHSA Advisory · Published May 5, 2026 · Updated May 7, 2026

CVE-2026-43532

Description

OpenClaw versions from 2026.4.7 up to, but not including, 2026.4.10 fail to normalize the Discord event cover `image` parameter during sandbox media processing. An attacker can therefore bypass media normalization and inject host-local media references into channel action paths that expect normalized media.
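The patch below adds one key to an allowlist, so the mechanism is easiest to see with the pre-fix and post-fix key lists run side by side over the same input. The following is an added illustration, not OpenClaw's code: the normalizer, the `/workspace` to sandbox-root mapping and the remote-URL passthrough are assumptions modelled on the commit's test cases, and the escape check for values resolving outside the sandbox root is this example's own safeguard.

```typescript
import * as path from "node:path";

// Hypothetical key lists modelled on SANDBOX_MEDIA_PARAM_KEYS in the patch:
// the pre-fix list lacks "image", the post-fix list adds it.
export const MEDIA_PARAM_KEYS_BEFORE = ["media", "path", "filePath", "mediaUrl", "fileUrl"] as const;
export const MEDIA_PARAM_KEYS_AFTER = [...MEDIA_PARAM_KEYS_BEFORE, "image"] as const;

const REMOTE_SCHEME = /^https?:\/\//i;
// Assumption: the container-side workspace prefix that maps onto sandboxRoot,
// inferred from the commit's test input (file:///workspace/... -> <sandboxRoot>/...).
const CONTAINER_WORKSPACE = "/workspace";

// Rewrite one media parameter value into a host path under sandboxRoot.
// Remote HTTP(S) URLs pass through unchanged; anything that would resolve
// outside sandboxRoot (e.g. via "..") is rejected rather than forwarded.
export function normalizeSandboxMediaValue(raw: string, sandboxRoot: string): string {
  const value = raw.trim();
  const root = path.resolve(sandboxRoot.trim());
  if (REMOTE_SCHEME.test(value)) {
    return value;
  }
  let local = value.startsWith("file://") ? value.slice("file://".length) : value;
  if (local === CONTAINER_WORKSPACE || local.startsWith(CONTAINER_WORKSPACE + "/")) {
    local = local.slice(CONTAINER_WORKSPACE.length);
  }
  // Treat the remainder as relative to the sandbox root, then verify it stayed inside.
  const resolved = path.resolve(root, local.replace(/^\/+/, ""));
  const rel = path.relative(root, resolved);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`media path escapes sandbox root: ${value}`);
  }
  return resolved;
}

// Normalize every listed key in place; keys not in the list are left untouched,
// which is exactly how an unlisted "image" slipped past the sandbox rewrite.
export function normalizeSandboxMediaParams(
  args: Record<string, unknown>,
  sandboxRoot: string,
  keys: readonly string[],
): Record<string, unknown> {
  for (const key of keys) {
    const current = args[key];
    if (typeof current === "string" && current.trim() !== "") {
      args[key] = normalizeSandboxMediaValue(current, sandboxRoot);
    }
  }
  return args;
}

// Run the same Discord event cover input through both key lists.
export function compareBeforeAfter(): { before: unknown; after: unknown } {
  const sandboxRoot = " /tmp/sandbox-example "; // constructed, padded like the commit's test
  const makeArgs = () => ({ image: " file:///workspace/assets/event-cover.png " });
  const before = normalizeSandboxMediaParams(makeArgs(), sandboxRoot, MEDIA_PARAM_KEYS_BEFORE).image;
  const after = normalizeSandboxMediaParams(makeArgs(), sandboxRoot, MEDIA_PARAM_KEYS_AFTER).image;
  return { before, after };
}

console.log(compareBeforeAfter());
```

With the pre-fix list the padded `file://` string survives untouched and would reach the channel action as-is; with `image` in the list it becomes a path under the sandbox root. The rejection of values that resolve outside the root is a choice made here for the example; the page's test only covers the positive mapping.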

Affected packages

Versions sourced from the GitHub Security Advisory.

Package    Ecosystem   Affected versions           Patched versions
openclaw   npm         >= 2026.4.7, < 2026.4.10    2026.4.10

Affected products

  • OpenClaw/Openclaw (GHSA, 2 version ranges)
    • (no CPE) range: >= 2026.4.7, < 2026.4.10
    • cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* range: >= 2026.4.7, < 2026.4.10

Patches

Commit 979c6f09d6fa

fix: include image param in sandbox media normalization [AI-assisted] (#64377)

https://github.com/openclaw/openclaw · Michael Appel · Apr 10, 2026 · via ghsa
3 files changed · +32 −1
  • CHANGELOG.md (+1 −0, modified)
    @@ -122,6 +122,7 @@ Docs: https://docs.openclaw.ai
     - Cron/isolated agent: run scheduled agent turns as non-owner senders so owner-only tools stay unavailable during cron execution. (#63878)
     - Voice Call/realtime: reject oversized realtime WebSocket frames before bridge setup so large pre-start payloads cannot crash the gateway. (#63890) Thanks @mmaps.
     
    +- Discord/sandbox: include `image` in sandbox media param normalization so Discord event cover images cannot bypass sandbox path rewriting. (#64377) Thanks @mmaps.
     ## 2026.4.9
     
     ### Changes
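Review bot: the new bullet is inserted after the blank line that closes the change list above `## 2026.4.9` and directly against that heading, so it reads as detached from its neighbours and the heading loses its preceding blank line; move `- Discord/sandbox: include \`image\` in sandbox media param normalization ...` up to follow the `- Voice Call/realtime:` entry and keep the blank line before `## 2026.4.9`.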
    
  • src/infra/outbound/message-action-params.test.ts (+23 −0, modified)
    @@ -81,6 +81,29 @@ describe("message action media helpers", () => {
         }
       });
     
    +  maybeIt("normalizes Discord event image sandbox media params", async () => {
    +    const sandboxRoot = await fs.mkdtemp(path.join(os.tmpdir(), "msg-params-image-"));
    +    try {
    +      const args: Record<string, unknown> = {
    +        image: " file:///workspace/assets/event-cover.png ",
    +      };
    +
    +      await normalizeSandboxMediaParams({
    +        args,
    +        mediaPolicy: {
    +          mode: "sandbox",
    +          sandboxRoot: ` ${sandboxRoot} `,
    +        },
    +      });
    +
    +      expect(args).toMatchObject({
    +        image: path.join(sandboxRoot, "assets", "event-cover.png"),
    +      });
    +    } finally {
    +      await fs.rm(sandboxRoot, { recursive: true, force: true });
    +    }
    +  });
    +
       maybeIt(
         "keeps remote HTTP mediaUrl and fileUrl aliases unchanged under sandbox normalization",
         async () => {
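Review bot: the new test only covers the positive mapping of a padded `file:///workspace/...` value into `sandboxRoot`; there is no case for an `image` value that resolves outside the sandbox root, which is the bypass the advisory describes (host-local media references reaching channel actions). Add a second `maybeIt` that passes an `image` pointing outside `sandboxRoot` and asserts the result stays under `sandboxRoot` or the call rejects it, and a third mirroring the existing `keeps remote HTTP mediaUrl and fileUrl aliases unchanged` case for `image`, so an HTTP cover-image URL is confirmed to pass through untouched.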
    
  • src/infra/outbound/message-action-params.ts (+8 −1, modified)
    @@ -16,7 +16,14 @@ import { readBooleanParam as readBooleanParamShared } from "../../plugin-sdk/boo
     
     export const readBooleanParam = readBooleanParamShared;
     
    -const SANDBOX_MEDIA_PARAM_KEYS = ["media", "path", "filePath", "mediaUrl", "fileUrl"] as const;
    +const SANDBOX_MEDIA_PARAM_KEYS = [
    +  "media",
    +  "path",
    +  "filePath",
    +  "mediaUrl",
    +  "fileUrl",
    +  "image",
    +] as const;
     
     function readMediaParam(
       args: Record<string, unknown>,
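Review bot: `SANDBOX_MEDIA_PARAM_KEYS` is a single hand-maintained allowlist and the bug was a key missing from it, so the same gap recurs for any future media-carrying parameter that is not added here; add a comment above the array stating that every param that can hold a local media path must be listed, and consider deriving the list from the channel action parameter schemas instead of maintaining it by hand. Also confirm that no other channel action uses `image` for a non-path value, since this list applies to every channel, not only Discord.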
    
