Path traversal in OpenClaw - #VU135886
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a local user to bypass authorization or policy checks.
The vulnerability exists due to path traversal in sandbox bind mounts when processing lower-trust caller or configured input paths. A local user can supply a crafted input path to bypass authorization or policy checks.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on operator configuration and whether lower-trust input can reach the affected path.
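The class of check that guards a bind-mount source against this kind of traversal, as an added example (not OpenClaw's code or its fix): a textual prefix test beside a check that canonicalizes the path first. The function names and the directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def naive_is_allowed(requested: str, allowed_root: str) -> bool:
    # Weak check: a textual prefix test never collapses ".." and never follows symlinks.
    return requested.startswith(allowed_root)


def resolve_bind_source(requested: str, allowed_root: str) -> Path:
    """Return the canonical bind source, or raise ValueError if it escapes allowed_root."""
    root = Path(os.path.realpath(allowed_root))
    # Relative input is interpreted under the root; realpath collapses ".."
    # and resolves symlinks, so the check sees the path the mount would use.
    candidate = Path(os.path.realpath(os.path.join(root, requested)))
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"{requested!r} resolves outside {root}")
    return candidate


def demo() -> dict:
    """Build a constructed directory layout and compare both checks."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")            # constructed allowed root
        os.makedirs(os.path.join(root, "project"))
        os.makedirs(os.path.join(tmp, "host-secrets"))   # constructed out-of-policy dir
        os.symlink(os.path.join(tmp, "host-secrets"), os.path.join(root, "link"))
        samples = {
            "inside": os.path.join(root, "project"),
            "dotdot": os.path.join(root, "..", "host-secrets"),
            "symlink": os.path.join(root, "link"),
            "sibling": root + "-other",
        }
        for name, path in samples.items():
            try:
                resolve_bind_source(path, root)
                hardened = True
            except ValueError:
                hardened = False
            results[name] = (naive_is_allowed(path, root), hardened)
    return results


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:8} naive={naive} hardened={hardened}")
```

Pass the returned canonical path, not the original string, to the mount call; re-resolving the raw input after the check leaves a window in which the path can change.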