CVE-2026-28459

HIGH EPSS 28.2%
Published Mar 5, 20263mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 4.0
High
Find Similar
Published Mar 5, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append data repeatedly, potentially causing configuration corruption or denial of service.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
28.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-73

Affected Products 1

VendorProductVersionRange
openclawopenclaw* <2026.2.12

References 4

  • github.com https://github.com/openclaw/openclaw/commit/25950bcbb8ba4d8cde002557f6e27c219ae4deda
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-64qx-vpxx-mvqf
    PatchVendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-untrusted-sessionfile-path
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/25950bcbb8ba4d8cde002557f6e27c219ae4deda
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-64qx-vpxx-mvqf
    PatchVendor Advisory