CVE-2026-28482

HIGH · EPSS 3.4%
Published Mar 5, 2026 (3mo ago) · Modified Jun 17, 2026 (1w ago)
8.4 CVSS 4.0
High

Description

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.

CVSS Details

Base Score
8.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
3.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

Vendor    Product   Version   Range
openclaw  openclaw  *         <2026.2.12

References 4

  • github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c94d64
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-path-traversal-via-unsanitized-sessionid-and-sessionfile-parameters
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
    Patch
  • github.com https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c94d64
    Patch