CVE-2026-44996 | OpenClaw up to 2026.4.14 ReplyPayload.mediaUrl path traversal (GHSA-gfg9-5357-hv4c)

A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.4.14. The affected element is an unknown function. Such manipulation of the argument ReplyPayload.mediaUrl leads to path traversal.

This vulnerability is referenced as CVE-2026-44996. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More