PT-2026-25418 · Npm · Openclaw
Published: 2026-03-03 · Updated: 2026-03-03
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A path-confinement bypass in browser output handling allowed writes outside the intended root directories in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and the related install and skills write paths.
Affected Packages / Versions
- Package: openclaw (npm)
- Latest published npm version at triage time: 2026.3.1
- Affected range: <= 2026.3.1
- Patched release: 2026.3.2 (released)
Fix Commit(s)
104d32bb64cdf19d5e77f70553a511a2ae90ad1c
Technical Notes
- Browser output writes now use root-bound, fd/inode-verified commit flow.
- Install + skills path checks now share canonical in-base validation to reduce drift and close equivalent escape surfaces.
- Added regression coverage for symlink-rebind and root-bound source-path write behavior.
Fix
Link Following
Time Of Check To Time Of Use
Affected Products
Openclaw