Path traversal in OpenClaw - CVE-2026-26972

 

Path traversal in OpenClaw - CVE-2026-26972

Published: May 4, 2026


Vulnerability identifier: #VU129454
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-26972
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to write files outside the intended download directory.

The vulnerability exists due to path traversal in browser download helpers when handling browser control gateway download requests with a user-supplied output path. A remote user can send a specially crafted request to write files outside the intended download directory.

This issue is not exposed via the AI agent tool schema, and exploitation requires authenticated CLI access or an authenticated gateway RPC token.


How to mitigate CVE-2026-26972

Install security update from vendor's website.

Sources