PT-2026-26737 · Openclaw · Openclaw
Tdjackey · Published 2026-03-12 · Updated 2026-03-21 · CVE-2026-32055
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.26
Description
OpenClaw contains a path traversal issue in workspace boundary validation. This allows attackers to write files outside the designated workspace by utilizing in-workspace symbolic links that point to non-existent targets outside the root directory. The boundary check incorrectly resolves aliases, enabling the initial write operation to bypass the workspace boundary and create files in arbitrary locations.
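The failure mode described above, shown as an added example in JavaScript for Node.js; it is not OpenClaw's code. The function names, the naive check's fallback to the lexical path and the sample paths are assumptions made for illustration.

```javascript
// Added example: constructed sketch, not OpenClaw's code; all names are hypothetical.
const fs = require('fs'), os = require('os'), path = require('path');
const inside = (root, p) => p === root || p.startsWith(root + path.sep);

// Naive check: realpathSync throws ENOENT for a symlink whose target does not
// exist, so the lexical path is kept and still looks in-bounds.
function naiveCheck(root, candidate) {
  let resolved = path.resolve(candidate);
  try { resolved = fs.realpathSync(candidate); } catch { /* keep lexical path */ }
  return inside(fs.realpathSync(root), resolved);
}

// Hardened: walk each component with lstat/readlink so a dangling symlink is
// still followed to the location a write through it would create.
function resolveForWrite(candidate, hops = 0) {
  if (hops > 40) throw new Error('too many symlink hops');
  const abs = path.resolve(candidate);
  let cur = path.parse(abs).root;
  const parts = abs.slice(cur.length).split(path.sep).filter(Boolean);
  for (let i = 0; i < parts.length; i++) {
    const next = path.join(cur, parts[i]);
    const rest = parts.slice(i + 1);
    let st;
    try { st = fs.lstatSync(next); } catch (e) {
      if (e.code !== 'ENOENT') throw e;
      return path.join(next, ...rest); // nothing exists from here on
    }
    if (st.isSymbolicLink()) {
      const target = path.resolve(cur, fs.readlinkSync(next));
      return resolveForWrite(path.join(target, ...rest), hops + 1);
    }
    cur = next;
  }
  return cur;
}
const hardenedCheck = (root, p) => inside(resolveForWrite(root), resolveForWrite(p));

// Constructed scenario: in-workspace link whose target outside does not exist.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'ws-demo-')));
  const root = path.join(base, 'workspace');
  const link = path.join(root, 'notes.txt');
  fs.mkdirSync(root);
  fs.symlinkSync(path.join(base, 'outside.txt'), link);
  const result = { naive: naiveCheck(root, link), hardened: hardenedCheck(root, link),
                   newFile: hardenedCheck(root, path.join(root, 'sub', 'new.txt')) };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
```

A check of this kind only holds if the subsequent write targets the resolved path or opens the file without following links, since a link can change between check and write.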
Recommendations
Update OpenClaw to version 2026.2.26 or later.
Fix
Link Following
Path traversal
Affected Products
Openclaw