Jufeng123768

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.2 **Description** An arbitrary directory deletion issue exists in mirror mode. Attackers can delete remote directories by influencing the `remoteWorkspaceDir` and `remoteAgentWorkspaceDir` configuration values. By manipulating these OpenShell config paths, attackers can cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data. **Recommendations** Update to version 2026.4.2.