PT-2026-25408 · Npm · Openclaw
Publicado
2026-03-03
·
Atualizado
2026-03-03
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
A workspace-only file-system guard mismatch allowed
@-prefixed absolute paths to bypass boundary validation in some tool path checks.Impact
When
tools.fs.workspaceOnly=true, certain @-prefixed absolute paths (for example @/etc/passwd) could be validated before canonicalization while runtime path handling normalized the prefix differently. In affected code paths this could permit reads outside the intended workspace boundary.Per
SECURITY.md, OpenClaw is primarily a personal-assistant runtime with trusted-user assumptions, and this path is gated behind non-default sandbox/tooling configuration. That reduces practical exposure, but the bypass is still a security bug and is fixed.Affected Packages / Versions
- Package:
openclaw(npm) - Latest published at triage time:
2026.2.23 - Affected versions:
<= 2026.2.23 - Patched versions:
>= 2026.2.24
Fix Commit(s)
9ef0fc2ff8fa7b145d1e746d6eb030b1bf692260
OpenClaw thanks @tdjackey for reporting.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw