PT-2026-26401 · Openclaw · Openclaw

Tdjackey · Published 2026-03-02 · Updated 2026-03-20 · CVE-2026-32020

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.22

Description: OpenClaw contains a path traversal issue in the static file handler. The handler follows symbolic links, which can lead to reading files outside the intended root directory. An attacker can place symbolic links under the Control UI root directory to bypass the directory confinement checks and read arbitrary files. The vulnerable flow is in src/gateway/control-ui.ts, where the confinement checks ran on the requested path before the file read, and the read then resolved symbolic links, so a link that passed the check could still point outside the root. The fix enforces realpath containment and verifies file identity before serving Control UI assets.

Recommendations: Update OpenClaw to version 2026.2.22 or later.

Fix

Weakness Enumeration

Link Following

Path traversal

Related Identifiers

CVE-2026-32020
GHSA-5GHC-98WH-GWWF

Affected Products

Openclaw