CVE-2026-28482
HIGH EPSS 3.4%
Published Mar 5, 20263mo ago · Modified Jun 17, 20261w ago
8.4 CVSS 4.0
Published Mar 5, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
3.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openclaw | openclaw | * | <2026.2.12 |
References 4
- github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
- github.com https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c94d64
- github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q
- vulncheck.com https://www.vulncheck.com/advisories/openclaw-path-traversal-via-unsanitized-sessionid-and-sessionfile-parameters
Remediation
- github.com https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
- github.com https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c94d64