CVE-2026-29611 Overview
CVE-2026-29611 is a Local File Inclusion (LFI) vulnerability affecting OpenClaw versions prior to 2026.2.14. The vulnerability lies in the media path handling of the BlueBubbles extension. When the extension is installed and enabled, the sendBlueBubblesMedia function does not validate the mediaPath parameter against an allowlist of permitted directories, so an attacker can traverse the filesystem and read arbitrary files. Sensitive system files such as /etc/passwd can be read this way and exfiltrated as media attachments.
Critical Impact
Attackers can exploit this vulnerability to read arbitrary files from the local filesystem, potentially exposing sensitive configuration files, credentials, and other confidential data through the BlueBubbles media handling mechanism.
Affected Products
- OpenClaw versions prior to 2026.2.14
- OpenClaw installations with BlueBubbles extension installed and enabled
Discovery Timeline
- 2026-03-05 - CVE-2026-29611 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-29611
Vulnerability Analysis
This vulnerability is classified under CWE-73 (External Control of File Name or Path), which occurs when software allows user input to control or influence paths or file names used in filesystem operations. In the context of CVE-2026-29611, the BlueBubbles extension's media handling functionality accepts arbitrary file paths without proper validation, enabling attackers to specify paths outside the intended media directories.
The vulnerability is exploitable over the network but requires the BlueBubbles extension to be installed and enabled on the target OpenClaw instance. An unauthenticated attacker can craft requests containing path traversal sequences or absolute paths to sensitive system files. The impact is limited to confidentiality: an attacker can read file contents but cannot modify or delete files.
Root Cause
The root cause of this vulnerability lies in the sendBlueBubblesMedia function's failure to implement proper input validation on the mediaPath parameter. The function processes file paths provided by users without checking whether they fall within an allowlist of permitted directories. This missing validation allows attackers to bypass intended access restrictions and request files from arbitrary filesystem locations.
The security patch introduces a mediaLocalRoots configuration option that defines an array of allowed root directories for media files, ensuring that only paths within these designated directories can be accessed.
Attack Vector
The attack vector is network-based and requires the following conditions:
- The target OpenClaw instance must have the BlueBubbles extension installed and enabled
- The attacker must be able to send requests to the OpenClaw instance
- No user interaction is required to exploit the vulnerability
An attacker can craft a request specifying a mediaPath parameter pointing to sensitive files like /etc/passwd, /etc/shadow (if readable), application configuration files, or other sensitive data. The vulnerable function processes this path without validation and returns the file contents as a media attachment.
// Security patch in extensions/bluebubbles/src/config-schema.ts
// Source: https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc
textChunkLimit: z.number().int().positive().optional(),
chunkMode: z.enum(["length", "newline"]).optional(),
mediaMaxMb: z.number().int().positive().optional(),
+ mediaLocalRoots: z.array(z.string()).optional(),
sendReadReceipts: z.boolean().optional(),
blockStreaming: z.boolean().optional(),
groups: z.object({}).catchall(bluebubblesGroupConfigSchema).optional(),
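Review bot: `mediaLocalRoots` is declared `.optional()` with no default, so this schema line alone does not establish what happens when the array is absent; state in the option's documentation (and cover with a test) whether an unset value denies all local media paths or keeps the previous unrestricted behaviour, because deployments that upgrade without adding the key would otherwise remain exposed. `z.array(z.string())` also accepts relative or unnormalised entries, so consider refining it to absolute paths (for example `z.string().refine((v) => path.isAbsolute(v))`) so that whatever enforces the allowlist compares against canonical roots.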
The patch adds a mediaLocalRoots configuration parameter that allows administrators to define an allowlist of permitted directories for media file access, preventing path traversal attacks.
Detection Methods for CVE-2026-29611
Indicators of Compromise
- Unusual file access patterns in application logs showing requests for system files like /etc/passwd, /etc/shadow, or configuration files
- Media requests containing path traversal sequences such as ../ or absolute paths starting with /
- Unexpected outbound data transfers through the BlueBubbles extension media handling endpoints
- Log entries showing access attempts to files outside designated media directories
Detection Strategies
- Monitor application logs for mediaPath parameters containing suspicious patterns like ../, /etc/, or other sensitive directory references
- Implement web application firewall (WAF) rules to detect and block path traversal attempts in API requests
- Enable file access auditing on the server to track which files are being read by the OpenClaw application process
- Review BlueBubbles extension logs for anomalous media retrieval requests
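The following is an added example, not OpenClaw's own code, that serves both the Root Cause / patch discussion and the Detection Strategies list above: a resolver of the unchecked kind the advisory describes, the hardened containment check against mediaLocalRoots, and a detector that applies the same check to application log lines. The log line format, the regex, and the sample paths are assumptions constructed for the example.

```typescript
import * as path from "node:path";

// path.posix keeps the results identical on every platform for this example;
// server-side code would use the platform `path` module.
const p = path.posix;

// Resolver of the unchecked kind the advisory describes (assumed shape, not
// OpenClaw's actual code): an absolute mediaPath replaces the base directory
// and enough "../" segments escape it, so "/etc/passwd" comes back unchanged.
export function unsafeResolveMediaPath(mediaPath: string, mediaDir: string): string {
  return p.resolve(mediaDir, mediaPath);
}

// Hardened form: accept mediaPath only if, after normalisation, it lies inside
// one of the configured mediaLocalRoots. Returns the resolved path, or null to deny.
export function resolveMediaPath(mediaPath: string, mediaLocalRoots: string[]): string | null {
  for (const root of mediaLocalRoots) {
    const rootAbs = p.resolve(root);
    const candidate = p.resolve(rootAbs, mediaPath); // collapses "." and ".." segments
    const rel = p.relative(rootAbs, candidate);
    // Inside the root iff the relative path is non-empty, not absolute, and does
    // not climb out with a leading ".." segment (a file named "..name" is legitimate).
    const inside = rel !== "" && !p.isAbsolute(rel) && rel !== ".." && !rel.startsWith("../");
    if (inside) return candidate;
  }
  return null; // empty allowlist, or no root contains the path: deny
}

// Detection helper: extract mediaPath values from log lines and flag every one
// the allowlist would reject. The regex matches the constructed format below;
// swap in an extractor for the real log format.
const MEDIA_PATH_RE = /mediaPath="([^"]*)"/;

export function findRejectedMediaPaths(logLines: string[], mediaLocalRoots: string[]): string[] {
  const flagged: string[] = [];
  for (const line of logLines) {
    const m = MEDIA_PATH_RE.exec(line);
    if (m === null) continue;
    const value = m[1] ?? "";
    if (resolveMediaPath(value, mediaLocalRoots) === null) flagged.push(value);
  }
  return flagged;
}

// Constructed sample input (not captured from a real deployment).
export const ROOTS = ["/var/openclaw/media", "/var/openclaw/attachments"];
export const SAMPLE_LOG = [
  '2026-03-05T10:00:01Z bluebubbles send mediaPath="photo.jpg"',
  '2026-03-05T10:00:02Z bluebubbles send mediaPath="../../etc/passwd"',
  '2026-03-05T10:00:03Z bluebubbles send mediaPath="/etc/passwd"',
  '2026-03-05T10:00:04Z bluebubbles send mediaPath="/var/openclaw/attachments/a.mov"',
];
```

Running findRejectedMediaPaths(SAMPLE_LOG, ROOTS) flags only the traversal and the absolute /etc/passwd entries; a lexical check like this should be paired with a realpath step in production so symlinks inside a root cannot point outside it.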
Monitoring Recommendations
- Configure alerting for any file access attempts outside the expected media directories
- Implement centralized logging with SIEM integration to correlate potential LFI exploitation attempts
- Monitor for data exfiltration patterns through media attachment endpoints
- Regularly audit BlueBubbles extension configuration and access logs
How to Mitigate CVE-2026-29611
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.14 or later immediately
- If immediate upgrade is not possible, disable the BlueBubbles extension until the patch can be applied
- Review application and system logs for indicators of past exploitation attempts
- Audit any sensitive files that may have been accessed through this vulnerability
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.14. The fix introduces a mediaLocalRoots configuration option that restricts media file access to the specified directories only. The patch is available in the GitHub commit referenced above.
For additional details, refer to the GitHub Security Advisory and the VulnCheck Advisory on OpenClaw.
Workarounds
- Disable the BlueBubbles extension if it is not required for your deployment
- Implement network-level restrictions to limit access to the OpenClaw instance to trusted sources only
- Configure a reverse proxy or WAF to filter requests containing path traversal patterns
- Run the OpenClaw application with minimal filesystem permissions to limit the impact of potential exploitation
# Configuration example - After upgrading, configure mediaLocalRoots in BlueBubbles config
# Restrict media access to specific allowed directories only
mediaLocalRoots:
- "/var/openclaw/media"
- "/var/openclaw/attachments"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

