Impact
OpenClaw versions before 2026.2.25 contain a symlink traversal flaw in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. According to the CVE description, the flaw lets attackers access arbitrary host files within the permissions of the gateway process, and it can lead to code execution through file overwrite attacks. The vulnerability is categorized as CWE-59 (Improper Access Control: Path Traversal). The impact is potential compromise of the confidentiality, integrity, and availability of the entire host system; if a critical file is overwritten, full remote code execution may be achieved.
Affected Systems
The affected product is OpenClaw (vendor OpenClaw). According to the CVE description, all releases prior to version 2026.2.25 are vulnerable. The Common Platform Enumeration identifies the product as a Node.js application (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*). Operators running versions older than 2026.2.25 should verify whether the agents.files API is exposed to external clients and assess whether any allowlisted files in the workspace could be replaced by symlinks.
Risk and Exploitability
The vulnerability has a CVSS score of 8.7, indicating high severity. No EPSS score is available and the vulnerability is not listed in the KEV catalog, so public exploitation data is limited. According to the CVE description, the flaw requires that an attacker be able to invoke the agents.files API; from the description it is inferred that the API must be reachable over the network or exposed through a management interface. If exposed to untrusted networks, the risk is heightened, as attackers could read sensitive host files or overwrite critical binaries, leading to system compromise.
OpenCVE Enrichment
Github GHSA