#VU125268 Improper access control in OpenClaw

Published: April 8, 2026

Vulnerability identifier: #VU125268
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenClaw
Software vendor: OpenClaw

Description

The vulnerability allows a remote user to delete the contents of an unintended remote directory and replace them with uploaded workspace data.

The vulnerability exists due to improper access control in the OpenShell mirror backend, which uses attacker-influenced remoteWorkspaceDir and remoteAgentWorkspaceDir values as-is in mirror mode. A remote user who can influence those values can supply arbitrary absolute paths, so that the remote cleanup and overwrite operations delete the contents of an unintended remote directory and replace them with uploaded workspace data.

Exploitation requires the ability to influence those OpenShell configuration values.
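The defect described above is a path-confinement failure: configuration values are used as remote directories without being checked against an allowed location. The following TypeScript guard is an added example, not OpenClaw's code or its fix; it resolves a configured remote directory against an assumed allowed root and refuses anything that escapes it or equals the root, so a cleanup step can never be pointed at an arbitrary absolute path. The root path, the `MirrorConfig` shape and the function names are assumptions.

```typescript
import * as path from "node:path";

// Assumed allowed root for remote workspaces in mirror mode (constructed for this
// example; not a real OpenClaw setting).
const DEFAULT_REMOTE_ROOT = "/home/agent/workspaces";

// Hypothetical shape holding the two attacker-influenceable values named in the advisory.
interface MirrorConfig {
  remoteWorkspaceDir: string;
  remoteAgentWorkspaceDir: string;
}

// Resolve `candidate` against `root` and return the normalized absolute path only if it
// lies strictly inside the root. Rejects absolute paths elsewhere, `..` traversal,
// prefix siblings such as `<root>-evil`, and the root itself (cleaning it would wipe
// every workspace). Remote paths are treated as POSIX regardless of the local OS.
function confineRemoteDir(candidate: string, root: string = DEFAULT_REMOTE_ROOT): string {
  if (candidate.length === 0 || candidate.includes("\0")) {
    throw new Error("remote dir is empty or contains a NUL byte");
  }
  const normalizedRoot = path.posix.resolve(root);
  const resolved = path.posix.resolve(normalizedRoot, candidate);
  const rel = path.posix.relative(normalizedRoot, resolved);
  if (rel === "" || rel === ".." || rel.startsWith("../")) {
    throw new Error(`remote dir escapes allowed root: ${candidate}`);
  }
  return resolved;
}

// Boolean convenience wrapper for callers that only need accept/reject.
function isConfined(candidate: string, root: string = DEFAULT_REMOTE_ROOT): boolean {
  try {
    confineRemoteDir(candidate, root);
    return true;
  } catch {
    return false;
  }
}

// Validate both configured directories before any remote cleanup or upload is scheduled;
// a cleanup routine should only ever receive paths that passed this step.
function validateMirrorConfig(cfg: MirrorConfig, root: string = DEFAULT_REMOTE_ROOT): MirrorConfig {
  return {
    remoteWorkspaceDir: confineRemoteDir(cfg.remoteWorkspaceDir, root),
    remoteAgentWorkspaceDir: confineRemoteDir(cfg.remoteAgentWorkspaceDir, root),
  };
}
```

This is a lexical check only; a symlink inside the root that points elsewhere still needs the remote side to resolve the real path before deleting anything.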

Remediation

Install the security update from the vendor's website.

External links