PT-2026-26011 · Openclaw · Openclaw
Tdjackey · Published 2026-03-02 · Updated 2026-03-18
CVE-2026-22180
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.2
Description
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass in browser output handling that allows writes outside the intended root directories. Because file write operations do not validate canonical path boundaries sufficiently, an attacker can escape the root-bound restriction and write files to arbitrary locations. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and the related install/skills write paths.
Recommendations
Update OpenClaw to version 2026.3.2 or later.
Fix
Link Following
Time Of Check To Time Of Use
Related Identifiers
Affected Products
Openclaw