Impact
OpenClaw versions before 2026.2.23 contain a path traversal flaw (CWE-22) in the experimental apply_patch tool. An attacker with sandbox access can supply a patch whose file paths escape the configured workspace directory, which turns the tool into an arbitrary file write on the host filesystem. The CVE text does not claim remote code execution; it does follow that an attacker who can overwrite files outside the workspace, such as configuration or startup files, may be able to obtain code execution or escalate privileges, but that is an inference from the write primitive rather than a stated finding. The confirmed impact is tampering with files that the sandbox boundary is supposed to protect.
Affected Systems
The affected product is OpenClaw (vendor OpenClaw, product OpenClaw). All releases before 2026.2.23 are vulnerable. The CPE entry cpe:2.3:a:openclaw:openclaw:* carries a wildcard in the version field, so the vulnerable range is defined only by the "before 2026.2.23" statement; the vendor provides no more specific version information.
Risk and Exploitability
The CVSS score of 7.6 places this flaw in the High severity band. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to already hold sandbox or API access, and requires a writable mount outside the workspace root that an apply_patch call can reach. Where those prerequisites hold, the attacker can modify arbitrary files on the host, so the realistic outcome is system compromise. Upgrading to 2026.2.23 or later removes the flaw; until that is possible, the stated prerequisite implies that removing writable mounts outside the workspace root from the sandbox reduces exposure.