Link following in OpenClaw - CVE-2026-41397

Published: April 30, 2026

Vulnerability identifier: #VU128626
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-41397
CWE-ID: CWE-59
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to escape the sandbox and access unintended files.

The vulnerability exists because the Mirror Sync file synchronization feature does not properly resolve links before accessing files when it processes synced files and symlinks (CWE-59). A remote attacker can upload or transfer a specially crafted symlink to escape the sandbox and access files outside it.
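
As an added illustration of the CWE-59 class described above (this is not OpenClaw's code, and the Mirror Sync internals are not on this page), the following Python contrasts a read that follows links blindly with a containment check that resolves symlinks and ".." before opening anything under a sync root. The directory layout, file names and contents are constructed for the example.

```python
import os
import tempfile


def build_fixture():
    """Create a constructed sync root with one symlink that points outside it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "sync")
    os.mkdir(root)
    with open(os.path.join(base, "secret.txt"), "w") as f:  # outside the sync root
        f.write("outside-the-sandbox")
    with open(os.path.join(root, "note.txt"), "w") as f:    # legitimate synced file
        f.write("inside")
    # Symlink inside the root whose target lies outside it (constructed example).
    os.symlink(os.path.join("..", "secret.txt"), os.path.join(root, "escape.lnk"))
    return root


def naive_read(root, relpath):
    """CWE-59 pattern: open() follows the symlink, so the read leaves the root."""
    with open(os.path.join(root, relpath)) as f:
        return f.read()


def is_contained(root, relpath):
    """True only if relpath, with every symlink and '..' resolved, stays under root."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, relpath))
    return os.path.commonpath([real_root, candidate]) == real_root


def safe_read(root, relpath):
    """Hardened read: refuse anything that resolves outside the sync root."""
    if not is_contained(root, relpath):
        raise PermissionError(f"sync entry resolves outside the root: {relpath}")
    target = os.path.realpath(os.path.join(root, relpath))
    # O_NOFOLLOW closes the window in which a symlink could be swapped into the
    # final path component after the check above (not available on all platforms).
    fd = os.open(target, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd) as f:
        return f.read()
```

The same containment check applies to every entry a sync feature writes, renames or deletes, not only to reads, since each of those operations can be redirected by a link in the same way.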


How to mitigate CVE-2026-41397

Install the security update from the vendor's website.

Sources