A vulnerability was found in OpenClaw up to 2026.3.1 . It has been declared as critical . Affected is the function stageSandboxMedia . Executing a manipulation can lead to link following. This vulnerability appears as CVE-2026-31990 . The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.