PT-2026-25104 · Npm · Openclaw
Published: 2026-03-02 · Updated: 2026-03-02
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads.
Affected Packages / Versions
- Package: openclaw (npm)
- Latest published version observed: 2026.2.21-2
- Affected versions: <=2026.2.21-2
- Planned fixed release version: 2026.2.22
Technical Details
The vulnerable flow was in src/gateway/control-ui.ts, where path.join(...) + string-prefix checks were followed by file reads that resolved symlinks. This allowed directory-confinement bypasses when symlinks existed inside the Control UI root. The fix now enforces realpath containment and verifies file identity before serving Control UI assets and the SPA fallback index.html.
Impact
- Vulnerability type: path traversal / external file exposure via symlink following.
- Primary impact: confidentiality (out-of-root file read).
- Severity guidance: low in supported trusted-operator deployments; can be higher in unsupported shared-writable setups.
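The two resolver patterns described under Technical Details, side by side, as an added example that is not OpenClaw's code and is not taken from src/gateway/control-ui.ts: lexicalResolve is the path.join + string-prefix check that accepts a symlink sitting inside the root, safeResolve adds realpath containment on both root and candidate, and readAsset confirms the opened file is the same dev/inode that passed the check before returning its contents. The function names, the fixture directory layout and the file contents are all constructed for this illustration; it assumes a POSIX filesystem (symlinks, O_NOFOLLOW) and Node's built-in fs, os and path modules only.

```typescript
// Added example (not OpenClaw's code): lexical-only vs realpath-based
// containment for a static-asset handler. Assumes POSIX semantics.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

function withSep(dir: string): string {
  return dir.endsWith(path.sep) ? dir : dir + path.sep;
}

function tryRealpath(p: string): string | null {
  try {
    return fs.realpathSync(p);
  } catch {
    return null; // missing path: caller can 404 or fall back to index.html
  }
}

// Vulnerable pattern: path.join() normalises "../" so plain traversal is
// rejected, but the check never consults the filesystem. A symlink inside
// the root passes and is later followed by the read.
function lexicalResolve(root: string, requested: string): string | null {
  const rootAbs = path.resolve(root);
  const candidate = path.join(rootAbs, requested);
  const inside = candidate === rootAbs || candidate.startsWith(withSep(rootAbs));
  return inside ? candidate : null;
}

// Hardened pattern: keep the lexical check, then require that the resolved
// path (symlinks followed) is still contained in the resolved root.
function safeResolve(root: string, requested: string): string | null {
  const candidate = lexicalResolve(root, requested);
  if (candidate === null) return null;
  const realRoot = tryRealpath(root);
  const realCandidate = tryRealpath(candidate);
  if (realRoot === null || realCandidate === null) return null;
  const inside = realCandidate === realRoot || realCandidate.startsWith(withSep(realRoot));
  return inside ? realCandidate : null;
}

// Serve only after containment passes, open the already-resolved path with
// O_NOFOLLOW, and verify the descriptor refers to the same file (dev+inode)
// that was checked, so a swap between check and open is not served.
function readAsset(root: string, requested: string): Buffer | null {
  const real = safeResolve(root, requested);
  if (real === null) return null;
  const expected = fs.statSync(real);
  if (!expected.isFile()) return null;
  const flags = fs.constants.O_RDONLY | (fs.constants.O_NOFOLLOW ?? 0);
  const fd = fs.openSync(real, flags);
  try {
    const actual = fs.fstatSync(fd);
    if (actual.dev !== expected.dev || actual.ino !== expected.ino) return null;
    return fs.readFileSync(fd);
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed fixture: a Control UI root holding index.html, a file outside
// the root, and a symlink inside the root that points at that outside file.
function buildFixture(): { base: string; root: string; outside: string } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "control-ui-example-"));
  const root = path.join(base, "control-ui");
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, "index.html"), "<html>ok</html>");
  const outside = path.join(base, "outside.txt");
  fs.writeFileSync(outside, "constructed out-of-root content");
  fs.symlinkSync(outside, path.join(root, "leak.txt"));
  return { base, root, outside };
}

// Run both resolvers against the fixture and report what each one decides.
function demo(): {
  lexicalAcceptsSymlink: boolean;
  lexicalRejectsDotDot: boolean;
  safeRejectsSymlink: boolean;
  safeServesIndex: string | null;
  safeRefusesLeak: boolean;
} {
  const { base, root } = buildFixture();
  try {
    return {
      lexicalAcceptsSymlink: lexicalResolve(root, "leak.txt") !== null,
      lexicalRejectsDotDot: lexicalResolve(root, "../outside.txt") === null,
      safeRejectsSymlink: safeResolve(root, "leak.txt") === null,
      safeServesIndex: readAsset(root, "index.html")?.toString("utf8") ?? null,
      safeRefusesLeak: readAsset(root, "leak.txt") === null,
    };
  } finally {
    fs.rmSync(base, { recursive: true, force: true });
  }
}

console.log(demo());
```

The realpath of the root is taken as well as that of the candidate, because on some systems the temp directory itself sits behind a symlink (for example /var on macOS); comparing a resolved candidate against an unresolved root would reject every legitimate file. The dev/inode comparison is what the advisory calls verifying file identity: the containment decision and the bytes that get served must refer to the same object.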
Fix Commit(s)
7c500ff6236fa087ec1ec88696ca9f6881e90dc5
Release Process Note
The patched version is pre-set to the planned next release (2026.2.22). Once the npm release is available, publish the advisory.
OpenClaw thanks @tdjackey for reporting.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw