#VU125170 UNIX symbolic link following in OpenClaw


Published: April 8, 2026


Vulnerability identifier: #VU125170
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-61
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
OpenClaw
Software vendor:
OpenClaw

Description

The vulnerability allows a local user to append attacker-controlled content to arbitrary files on the system.

The vulnerability exists due to UNIX symbolic link following in the agents.create and agents.update handlers when they append to IDENTITY.md in the agent workspace. A local user can place a symlink at the IDENTITY.md path and invoke the affected API methods to append attacker-controlled content to arbitrary files on the system.

The issue occurs because an existing symlink at the IDENTITY.md path is not prevented from being followed during the append operation.
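The pattern behind this class of bug, and the fix, shown as an added example that is not OpenClaw's code: the naive append follows a pre-existing symlink at the IDENTITY.md path, while an append opened with O_NOFOLLOW relative to a workspace directory fd refuses it. It assumes a POSIX platform and constructs its own temporary workspace and victim file.

```python
import os
import tempfile

IDENTITY_FILE = "IDENTITY.md"  # file name taken from the advisory


def append_naive(workspace: str, content: str) -> None:
    """Vulnerable pattern: open() in append mode follows an existing
    symlink, so the bytes land in whatever file the link points to."""
    with open(os.path.join(workspace, IDENTITY_FILE), "a") as fh:
        fh.write(content)


def append_nofollow(workspace: str, content: str) -> None:
    """Hardened pattern: O_NOFOLLOW makes open() fail (ELOOP) when the
    final path component is a symlink; O_CREAT|O_APPEND still creates or
    extends a regular file. Opening relative to a directory fd pins the
    workspace so the directory itself cannot be swapped mid-operation."""
    dir_fd = os.open(workspace, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(IDENTITY_FILE,
                     os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        os.write(fd, content.encode())
    finally:
        os.close(fd)


def demo() -> tuple:
    """Constructed scenario: IDENTITY.md in the workspace is a symlink to an
    unrelated file. Returns (victim contents after the naive append,
    whether the hardened append refused, victim contents afterwards)."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = os.path.join(tmp, "workspace")
        os.mkdir(workspace)
        victim = os.path.join(tmp, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, os.path.join(workspace, IDENTITY_FILE))

        append_naive(workspace, "injected\n")
        with open(victim) as fh:
            after_naive = fh.read()

        refused = False
        try:
            append_nofollow(workspace, "injected\n")
        except OSError:
            refused = True
        with open(victim) as fh:
            after_hardened = fh.read()
        return after_naive, refused, after_hardened
```

The same O_NOFOLLOW check is worth applying to any file a privileged handler creates or extends inside a directory that a less-privileged user can write to.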


Remediation

Install update from vendor's website.

External links