OpenClaw Vulnerability - File Disclosure via Protocol Injection
Basically, a flaw in OpenClaw lets users steal files from chats without permission.
A vulnerability in OpenClaw allows group chat members to access sensitive files through prompt injection. This affects users on Discord, Telegram, and WhatsApp. It's crucial to update the platform to the latest version to mitigate risks.
What Happened
A serious file disclosure vulnerability has been discovered in OpenClaw, an AI personal assistant platform. This flaw allows any member of a group chat on platforms like Discord, Telegram, or WhatsApp to exfiltrate sensitive local files. These files can include critical data such as API keys, conversation histories, and system prompts. The vulnerability, reported on March 21, 2026, was silently fixed the next day, but the report was closed without acknowledgment of the issue.
The attack exploits the MEDIA: output protocol, which processes commands without requiring any authentication. This means that even a regular group chat member can execute commands to access sensitive files, bypassing all permission controls. The implications of this vulnerability are significant, as it can lead to unauthorized access to sensitive information.
Who's Affected
The vulnerability affects users of OpenClaw versions 2026.3.13 and earlier. Anyone using this platform for group chats is at risk, particularly those who may not be aware of the flaw. Since the vulnerability allows any group member to access files, it poses a threat to both individual users and organizations utilizing OpenClaw for communication.
The silent nature of the fix raises concerns about how vulnerabilities are handled within the platform. Users may not be aware that their data could be at risk, leading to potential exploitation. This lack of transparency can undermine trust in the platform.
What Data Was Exposed
The vulnerability allows attackers to exfiltrate various sensitive files, including:
- LLM provider API keys: These keys are crucial for accessing language model services.
- Conversation history: This could contain sensitive discussions and data shared within the chat.
- System prompts: These may include instructions or configurations that could be exploited further.
The attack scenario demonstrates how easily an attacker can exploit this flaw. By simply sending a specific command, they can receive sensitive files as attachments in the chat, making it a straightforward yet dangerous exploit.
What You Should Do
If you are using OpenClaw, it is crucial to update to version 2026.3.22 or later to mitigate this vulnerability. Ensure that your platform is running the latest version to protect against potential exploitation. Additionally, consider reviewing your chat group settings and permissions to limit access to sensitive information.
Stay informed about vulnerabilities and security advisories related to OpenClaw. Regularly check for updates and patches, and engage with the community to share experiences and solutions. Awareness and proactive measures are key to maintaining security in your communications.