CVE-2026-27522 | OpenClaw up to 2026.2.23 Message sendAttachment/setGroupIcon path traversal (GHSA-fqcm-97m6-w7rm)

A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.2.23. This impacts the function sendAttachment/setGroupIcon of the component Message Handler. The manipulation results in path traversal.

This vulnerability is reported as CVE-2026-27522. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More