OpenClaw: When Your AI Assistant Fetches /etc/passwd
Vulnerability ID: GHSA-5XFQ-5MR7-426Q
CVSS Score: 8.6
Published: 2026-02-18
A high-severity path traversal vulnerability (CVSS 8.6) in OpenClaw allows attackers to escape the session directory sandbox. By manipulating the sessionId parameter, a remote attacker can read sensitive system files or overwrite configuration files, which could in turn lead to remote code execution (RCE). The flaw stems from building filesystem paths from the user-controlled sessionId with Node.js path manipulation functions without validating the value first.
TL;DR
OpenClaw trusted user input for file paths. Attackers can use ../ in session IDs to read or write any file the OpenClaw process has permission to reach on the host. Fixed in v2026.2.12 via a strict allowlist for session IDs plus canonical path resolution checks.
⚠️ Exploit Status: Proof of concept (PoC)
Technical Details
- CWE ID: CWE-22 (Path Traversal)
- CVSS Score: 8.6 (High)
- Attack Vector: Network
- Impact: Confidentiality, Integrity
- Platform: Node.js / TypeScript
Affected Systems
- OpenClaw AI Assistant (Self-Hosted)
- OpenClaw Gateway
- OpenClaw < v2026.2.12 (Fixed in: v2026.2.12)
Code Analysis
Commit: 4199f98
Fix path traversal vulnerability in session handling
export const SAFE_SESSION_ID_RE = /^[a-z0-9][a-z0-9._-]{0,127}$/i;
The allowlist admits one leading alphanumeric character followed by up to 127 characters from [a-z0-9._-], matched case-insensitively. Neither / nor \ can pass, and a bare .. fails the leading-alphanumeric requirement, so no traversal sequence or absolute path survives validation; dots inside an ID (for example a..b) are harmless because they never form a separate path segment.
Exploit Details
- Internal Research: the PoC sends HTTP GET requests with traversal sequences (../ and percent-encoded variants) in the sessionId query parameter so that the resolved path lands outside the session directory.
Mitigation Strategies
- Strict input validation (allowlisting): reject any sessionId that does not match a narrow pattern of permitted characters, rather than trying to strip ../ sequences out of it.
- Canonical path resolution checks: resolve the final path and confirm it is still inside the session directory before any read or write, as a second line of defence behind the allowlist.
- Least-privilege file permissions: run the OpenClaw process as a dedicated account with access only to its own session and configuration directories, so that a traversal bug cannot reach files such as /etc/passwd or credential stores.
Remediation Steps:
- Upgrade OpenClaw to version v2026.2.12 or later.
- Audit the filesystem for unexpected or recently modified files in the application root and configuration directories, since the flaw permits writes as well as reads.
- Rotate any API keys (OpenAI, AWS, etc.) that were accessible via the filesystem, as they may have been read.
References
Read the full report for GHSA-5XFQ-5MR7-426Q on our website for more details including interactive diagrams and full exploit analysis.