Akhmittra

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2.0.0-beta3 through 2026.2.13 **Description** The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The `hooks.mappings[].transform.module` parameter is susceptible to accepting absolute paths and traversal sequences. An attacker with configuration write access can leverage this to load and execute malicious modules with gateway process privileges. The issue arises because path resolution previously accepted absolute paths and did not enforce containment for relative paths, allowing a config-controlled transform to resolve outside the intended transforms directory. **Recommendations** Update OpenClaw to version 2026.2.14 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.12 **Description** The software uses non-constant-time string comparison for hook token validation. This allows attackers to potentially infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually determine the authentication token. Real-world latency and jitter can make reliable measurement difficult. The issue involves comparing the provided hook token using a regular string comparison, which is not constant-time. The hooks endpoint is the relevant API endpoint. The vulnerable operation involves the validation of the hook token. **Recommendations** Upgrade to OpenClaw version 2026.2.12 or later. If users cannot upgrade immediately, restrict network access to the hooks endpoint and rotate the hooks token after updating.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.12 **Description** OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized `sessionId` parameters and `sessionFile` paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences, such as `../../etc/passwd` in the `sessionId` or `sessionFile` parameters, to read or write arbitrary files outside the agent sessions directory. An attacker must be authenticated to the gateway to exploit this issue. The gateway, by default, binds to loopback, so configurations exposing the gateway widen the attack surface. The issue is related to transcript file read/write operations. **Recommendations** Upgrade to OpenClaw version 2026.2.12 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.14 **Description** OpenClaw is susceptible to a command hijacking issue. Attackers can execute unintended binaries by manipulating the `PATH` environment variable through node-host execution or project-local bootstrapping. This is possible when OpenClaw relies on allowlist/safe-bin protections and expects the `PATH` to be trustworthy. An attacker requires authenticated access to node-host execution surfaces or the ability to run OpenClaw in attacker-controlled directories to place malicious executables in the `PATH`, overriding allowlisted safe-bin commands and achieving arbitrary command execution. Two scenarios can trigger this issue: A) Node Host `PATH` override (remote command hijack) and B) Project-local `PATH` bootstrapping (local command hijack). The `system.run` function is involved in the node-host execution scenario. **Recommendations** OpenClaw versions prior to 2026.2.14 should be updated to version 2026.2.14 or later. Project-local `node modules/.bin` PATH bootstrapping is now disabled by default. If explicitly enabled, it is append-only via `OPENCLAW ALLOW PROJECT LOCAL BIN=1`. Node Host now ignores request-scoped `PATH` overrides.