Vulnerability DatabaseCVE-2026-35668

CVE-2026-35668:
OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.1

Score

Published April 10, 2026

Severity HIGH

CNA Score 7.1

Affected Technologies

OpenClaw (formerly Moltbot or Clawdbot)

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 12.4

Exploitation Probability (EPSS) N/A

Affected packages and libraries

openclaw

Sources

NVD
GitHub Advisory Database
- npm Severity HIGHHas FixAdded at: Apr 12, 2026
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Apr 14, 2026
Minimus
- MinimOS Severity HIGHHas FixAdded at: Apr 12, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related OpenClaw (formerly Moltbot or Clawdbot) vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-35669	HIGH	8.7	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-28291	HIGH	8.1	JavaScript	grafana-prometheus	No	Yes	Apr 13, 2026
CVE-2026-35668	HIGH	7.1	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-35667	MEDIUM	6.9	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-35670	MEDIUM	6	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026