← back
CVE-2026-28482

OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

CVSS 8.4 HIGHEPSS 0.1%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
05 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
OpenClaw · OpenClaw

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c94d64https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426qhttps://www.vulncheck.com/advisories/openclaw-path-traversal-via-unsanitized-sessionid-and-sessionfile-parameters