PT-2026-31767 · Openclaw · Openclaw

Edward-X · Published 2026-03-26 · Updated 2026-04-10 · CVE-2026-35632

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions through 2026.2.22

Description

OpenClaw through version 2026.2.22 has a symlink traversal issue in the agents.create and agents.update handlers. These handlers use fs.appendFile on IDENTITY.md without proper symlink containment checks. An attacker with workspace access can create symlinks to append content to arbitrary files. This can lead to remote code execution through crontab injection or unauthorized access via SSH key manipulation.

Recommendations

Update OpenClaw to a version later than 2026.2.22.
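
The containment check the description says is missing, sketched as an added Node.js example. It is not OpenClaw's code or its fix: `appendContained`, the directory names and the sample content are assumptions made for illustration, and it assumes a POSIX system where `O_NOFOLLOW` is available.

```javascript
// Added example (hypothetical helper, not OpenClaw source). A plain
// fs.appendFile(path.join(ws, "IDENTITY.md"), data) follows symlinks.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Append only to a regular file that really lives inside workspaceRoot.
function appendContained(workspaceRoot, fileName, data) {
  const root = fs.realpathSync(workspaceRoot);
  // Resolve the parent so "../" or a symlinked directory cannot escape.
  const parent = fs.realpathSync(path.dirname(path.join(root, fileName)));
  if (parent !== root && !parent.startsWith(root + path.sep)) {
    throw new Error("path escapes workspace");
  }
  // O_NOFOLLOW makes open() fail if the last component is a symlink, so
  // nothing can be swapped in between a check and the write (POSIX only).
  const flags = fs.constants.O_WRONLY | fs.constants.O_APPEND |
    fs.constants.O_CREAT | (fs.constants.O_NOFOLLOW || 0);
  const fd = fs.openSync(path.join(parent, path.basename(fileName)), flags, 0o600);
  try {
    const st = fs.fstatSync(fd);
    // Reject non-regular files and hard links to files elsewhere.
    if (!st.isFile() || st.nlink !== 1) throw new Error("unexpected file type");
    fs.writeSync(fd, data);
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed demo: one workspace whose IDENTITY.md is a symlink to a file
// outside it, and one clean workspace.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-"));
  const outside = path.join(base, "outside.txt");
  fs.writeFileSync(outside, "original\n");
  const bad = path.join(base, "bad"), good = path.join(base, "good");
  fs.mkdirSync(bad); fs.mkdirSync(good);
  fs.symlinkSync(outside, path.join(bad, "IDENTITY.md"));
  let blocked = false;
  try { appendContained(bad, "IDENTITY.md", "x\n"); } catch { blocked = true; }
  appendContained(good, "IDENTITY.md", "name: demo\n");
  const result = { blocked, outside: fs.readFileSync(outside, "utf8"),
    good: fs.readFileSync(path.join(good, "IDENTITY.md"), "utf8") };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
console.log(demo());
```

Opening with `O_NOFOLLOW` and checking the descriptor with `fstat` keeps the check and the write on the same file, which a separate `lstat` followed by `appendFile` would not.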

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-35632
GHSA-7XR2-Q9VF-X4R5
GHSA-PMF3-2Q63-JMP6

Affected Products

Openclaw