PT-2026-20372 · Microsoft+1 · Playwright+1

P80N-Sec · Published 2026-02-18 · Updated 2026-03-22 · CVE-2026-26329

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14

Description: Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passes these paths to Playwright's setInputFiles() APIs without restricting them to a safe root. To exploit this, an attacker must reach the Gateway HTTP surface, present valid Gateway authentication (a bearer token or password), and have the browser tool permitted by tool policy. If the Gateway is exposed beyond loopback, the impact increases. The upload action is reached through the POST /tools/invoke API endpoint with a {"tool":"browser","action":"upload",...} payload, or through the POST /hooks/file-chooser browser control hook. The vulnerability allows reading files from the local filesystem and potentially exfiltrating their contents via page JavaScript or agent/browser snapshots. The vulnerable parameter is the file path supplied to the upload action.

Recommendations: Update OpenClaw to version 2026.2.14 or later.

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-26329
GHSA-CV7M-C9JX-VG7Q

Affected Products

OpenClaw
Playwright