PT-2026-27027 · Npm · Openclaw
Published: 2026-03-12 · Updated: 2026-03-12
CVSS v3.1: 7.0 (High)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Summary
A sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even when they could resolve outside the workspace/sandbox root.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.2.25
- Latest published npm version included in affected range: 2026.2.25 (checked on February 26, 2026)
- Patched version (pre-set for release): 2026.2.26
Technical Details
In affected versions, dangling symlink hops could be accepted during boundary checks under missing-target conditions. For workspace-only write flows (including apply patch), this could allow writes to resolve outside the configured workspace/sandbox boundary.

The fix resolves symlink targets through their existing ancestors and fails closed when canonical resolution escapes the configured boundary.
Impact
- Boundary-confined write operations could be redirected outside the configured workspace/sandbox root.
- Primary impact is integrity of host-side files reachable from that path resolution.
Fix Commit(s)
4fd29a35bb85a1898ebff518364c467058b50e14
Release Process Note
The patched version is pre-set to the planned next release (2026.2.26), so once npm 2026.2.26 is published the advisory can be published without further field edits. Thanks @tdjackey for reporting.
Fix
Link Following
Time Of Check To Time Of Use
Affected Products
Openclaw