OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations.
Published: 2026-03-21
Updated: 2026-03-23
Base Score: 8.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:P
Severity: High
Base Score: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Severity: High
Base Score: 7.2
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Severity: High
EPSS: 0.00043