Path traversal in OpenClaw - CVE-2026-26972
Published: May 4, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to write files outside the intended download directory.
The vulnerability exists due to path traversal in browser download helpers when handling browser control gateway download requests with a user-supplied output path. A remote user can send a specially crafted request to write files outside the intended download directory.
This issue is not exposed via the AI agent tool schema, and exploitation requires authenticated CLI access or an authenticated gateway RPC token.