UNIX symbolic link following in OpenClaw - #VU125170

Published: April 8, 2026


Vulnerability identifier: #VU125170
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-61
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to append attacker-controlled content to arbitrary files on the system.

The vulnerability exists due to UNIX symbolic link following in the agents.create and agents.update handlers when they append to IDENTITY.md in the agent workspace. A local user can place a symlink at the IDENTITY.md path and invoke the affected API methods to append attacker-controlled content to arbitrary files on the system.

The issue occurs because an existing symlink at the IDENTITY.md path is not prevented from being followed during the append operation.


Remediation

Install the update from the vendor's website.
