PT-2026-23557 · Openclaw · Openclaw
Akhmittra · Published 2026-02-14 · Updated 2026-03-06
CVE-2026-28482
CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.12
Description
OpenClaw versions prior to 2026.2.12 construct transcript file paths from unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. An authenticated attacker can supply path traversal sequences, such as ../../etc/passwd, in the sessionId or sessionFile parameter to read or write arbitrary files outside the agent sessions directory. Authentication to the gateway is required to exploit this issue. The gateway binds to loopback by default, so configurations that expose the gateway beyond the local host widen the attack surface. The issue is related to transcript file read/write operations.
Recommendations
Upgrade to OpenClaw version 2026.2.12 or later.
Fix
Weakness Enumeration
Path traversal
Affected Products
Openclaw