PT-2026-26394 · Openclaw · Openclaw

Tdjackey · Published 2026-03-02 · Updated 2026-03-21 · CVE-2026-32013

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.25
Description: OpenClaw gateway agents contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods. Both methods previously allowed symlink traversal for allowlisted workspace files: an allowlisted file that is itself a symlink could resolve to a path outside the agent workspace, and the methods then read from or wrote to that resolved path. An attacker who can place such a symlink can therefore read and write arbitrary host files with the permissions of the gateway process, and overwriting a file that the gateway or host later loads can lead to code execution.
Recommendations: Versions prior to 2026.2.25 should be updated to 2026.2.25 or later. The patch resolves the real workspace path, enforces containment on the resolved target of each requested file, rejects symlink targets that resolve outside the workspace, and keeps symlink targets inside the workspace supported. It also adds gateway regression tests for blocked escapes and for valid in-workspace symlink behaviour.
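The containment check that the description and patch summary above describe, as an added example in Python; it is not OpenClaw's code, and apart from the method names agents.files.get and agents.files.set nothing here is taken from the project. ALLOWLIST, vulnerable_resolve, hardened_resolve and the sample workspace layout are hypothetical. The first resolver checks only the lexical path of the allowlisted entry and lets a symlink escape; the second resolves real paths and checks containment on the result, while an in-workspace symlink keeps working:

```python
import os
import shutil
import tempfile
from pathlib import Path

# Hypothetical allowlist of workspace file names the get/set methods may touch.
ALLOWLIST = {"NOTES.md", "config.yaml"}


def vulnerable_resolve(workspace: str, name: str) -> str:
    """Pre-patch shape of the check, as the advisory describes it: the name is
    allowlisted and a lexical containment check passes, but the returned path
    is later opened with symlinks followed, so a symlinked entry escapes."""
    if name not in ALLOWLIST:
        raise PermissionError(f"{name!r} is not an allowlisted workspace file")
    root = os.path.abspath(workspace)
    candidate = os.path.abspath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"{name!r} escapes the workspace")
    return candidate  # open() on this follows the symlink wherever it points


def hardened_resolve(workspace: str, name: str) -> str:
    """Post-patch shape: resolve the real workspace root and the real target,
    then require the resolved target to sit under the resolved root.  A symlink
    whose target is inside the workspace still resolves under the root and is
    allowed; one pointing outside is rejected before any file is opened."""
    if name not in ALLOWLIST:
        raise PermissionError(f"{name!r} is not an allowlisted workspace file")
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{name!r} resolves outside the workspace: {target}")
    return target


def read_via(resolver, workspace: str, name: str) -> str:
    """Read a workspace file through the given resolver, following symlinks
    the way a naive open() on the returned path does."""
    return Path(resolver(workspace, name)).read_text()


def build_demo_workspace() -> tuple[str, str]:
    """Constructed sample layout (not real OpenClaw data) under a temp dir:
    a host file outside the workspace, an allowlisted NOTES.md that is a
    symlink to it, and an allowlisted config.yaml that is a symlink to a
    regular file inside the workspace.  Returns (base_dir, workspace_dir)."""
    base = tempfile.mkdtemp(prefix="symlink-escape-demo-")
    workspace = os.path.join(base, "workspace")
    os.makedirs(os.path.join(workspace, "sub"))
    secret = os.path.join(base, "host-secret.txt")
    Path(secret).write_text("outside the workspace\n")
    Path(workspace, "sub", "real-config.yaml").write_text("inside: true\n")
    os.symlink(secret, os.path.join(workspace, "NOTES.md"))  # escapes
    os.symlink(os.path.join("sub", "real-config.yaml"),
               os.path.join(workspace, "config.yaml"))  # stays inside
    return base, workspace


def demo() -> dict:
    """Run both resolvers against the constructed workspace and report what
    each one lets through."""
    base, workspace = build_demo_workspace()
    results = {}
    try:
        # Vulnerable check: the escaping symlink passes and host data is read.
        results["vulnerable_notes"] = read_via(vulnerable_resolve, workspace, "NOTES.md")
        # Hardened check: the escaping symlink is rejected ...
        try:
            read_via(hardened_resolve, workspace, "NOTES.md")
            results["hardened_blocks_escape"] = False
        except PermissionError:
            results["hardened_blocks_escape"] = True
        # ... while the in-workspace symlink keeps working.
        results["hardened_config"] = read_via(hardened_resolve, workspace, "config.yaml")
        # A name outside the allowlist is refused regardless of symlinks.
        try:
            hardened_resolve(workspace, "../host-secret.txt")
            results["hardened_blocks_unlisted"] = False
        except PermissionError:
            results["hardened_blocks_unlisted"] = True
    finally:
        shutil.rmtree(base)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The realpath of the workspace root is resolved as well as the target, because the root itself may live under a symlinked directory (for example a temp dir on macOS) and a lexical comparison would then fail for every file. Note the residual window: the resolved target can be replaced between the check and the open, so a write path should additionally open the resolved file with O_NOFOLLOW or operate on an already opened descriptor rather than re-resolving the name.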

Fix

Weakness Enumeration

Link Following
Path traversal

Related Identifiers

CVE-2026-32013
GHSA-FGVX-58P6-GJWC

Affected Products

Openclaw