GHSA-2WW6-868G-2C56

Vulnerability from github – Published: 2026-03-03 18:30 – Updated: 2026-03-20 21:14
Summary
OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation
Details

Summary

The HTML session exporter (src/auto-reply/reply/export-html/template.js) interpolates img.mimeType directly into <img src="data:..."> attributes without validation or escaping. A crafted mimeType value (e.g., x" onerror="alert(1)) can break out of the attribute context and execute arbitrary JavaScript.

Impact

An attacker who can control image entries in session data (via crafted tool results or session manipulation) can achieve XSS when the exported HTML is opened. The precondition is tighter than the main XSS finding (requires image content blocks with a malicious mimeType), but exploitation is straightforward.

Affected components

  • src/auto-reply/reply/export-html/template.js — line 1032 (tool result images), line 1306 (user message images)

Reproduction

  1. Craft a session entry with an image content block where mimeType is set to image/png" onerror="alert(document.domain)
  2. Export the session to HTML
  3. Open the exported HTML — the injected onerror fires

Remediation

  • Added sanitizeImageMimeType() helper that validates mimeType against a whitelist of known image MIME types
  • Falls back to application/octet-stream for unrecognized values, preventing attribute breakout
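As an added example (not OpenClaw's code), the whitelist check described above beside the unsafe interpolation it replaces; `renderImageTagUnsafe`, `renderImageTagSafe` and `escapeAttr` are hypothetical names, and the sample image entry is constructed from the crafted `mimeType` in the reproduction steps.

```javascript
// Known-safe raster image MIME types for data: URLs (assumed whitelist).
const IMAGE_MIME_WHITELIST = new Set([
  "image/png", "image/jpeg", "image/gif", "image/webp", "image/bmp", "image/avif",
]);

// Normalize and validate the MIME type; anything unrecognized becomes
// application/octet-stream so the attribute can never be broken out of.
function sanitizeImageMimeType(mimeType) {
  const normalized = String(mimeType ?? "").trim().toLowerCase();
  return IMAGE_MIME_WHITELIST.has(normalized) ? normalized : "application/octet-stream";
}

// The vulnerable pattern from the advisory: mimeType lands in the attribute untouched.
function renderImageTagUnsafe(img) {
  return `<img src="data:${img.mimeType};base64,${img.data}">`;
}

// Attribute-context escaping as defense in depth on top of the whitelist.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Hardened rendering: whitelisted MIME type, base64 payload restricted to its
// alphabet, and the whole data: URL escaped before it enters the attribute.
function renderImageTagSafe(img) {
  const mime = sanitizeImageMimeType(img.mimeType);
  const data = /^[A-Za-z0-9+/=]*$/.test(img.data ?? "") ? img.data : "";
  return `<img src="${escapeAttr(`data:${mime};base64,${data}`)}">`;
}

// Constructed sample entry using the crafted mimeType from the reproduction steps.
const craftedImage = {
  mimeType: 'image/png" onerror="alert(document.domain)',
  data: "AAAA",
};

// A quick structural check: a well-formed tag has exactly one quoted src value.
function attributeIntact(html) {
  return (html.match(/"/g) || []).length === 2 && !/onerror/i.test(html);
}
```

Running `renderImageTagUnsafe(craftedImage)` shows the injected `onerror` attribute, while `renderImageTagSafe(craftedImage)` yields a single `src` attribute with `application/octet-stream`.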

Fix

https://github.com/openclaw/openclaw/pull/24140


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T18:30:39Z",
    "nvd_published_at": "2026-03-19T22:16:40Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThe HTML session exporter (`src/auto-reply/reply/export-html/template.js`) interpolates `img.mimeType` directly into `\u003cimg src=\"data:...\"\u003e` attributes without validation or escaping. A crafted `mimeType` value (e.g., `x\" onerror=\"alert(1)`) can break out of the attribute context and execute arbitrary JavaScript.\n\n## Impact\n\nAn attacker who can control image entries in session data (via crafted tool results or session manipulation) can achieve XSS when the exported HTML is opened. The precondition is tighter than the main XSS finding (requires image content blocks with a malicious mimeType), but exploitation is straightforward.\n\n## Affected components\n\n- `src/auto-reply/reply/export-html/template.js` \u2014 line 1032 (tool result images), line 1306 (user message images)\n\n## Reproduction\n\n1. Craft a session entry with an image content block where `mimeType` is set to `image/png\" onerror=\"alert(document.domain)`\n2. Export the session to HTML\n3. Open the exported HTML \u2014 the injected `onerror` fires\n\n## Remediation\n\n- Added `sanitizeImageMimeType()` helper that validates mimeType against a whitelist of known image MIME types\n- Falls back to `application/octet-stream` for unrecognized values, preventing attribute breakout\n\n## Fix\n\nhttps://github.com/openclaw/openclaw/pull/24140",
  "id": "GHSA-2ww6-868g-2c56",
  "modified": "2026-03-20T21:14:26Z",
  "published": "2026-03-03T18:30:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ww6-868g-2c56"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32040"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/24140"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/f3adf142c195000cbde31200626a1d8c8b716df9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-html-injection-via-unvalidated-image-mime-type-in-data-url-interpolation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation"
}

