Impact
A path traversal vulnerability exists in OpenClaw software versions before 2026.2.24. The flaw allows @-prefixed absolute paths, such as @/etc/passwd, to bypass the workspace-only file-system boundary validation because the canonicalization process incorrectly interprets the leading @ character. This mistake makes it possible for an attacker to read files located outside the intended workspace directory, exposing sensitive data to unauthorized users. The weakness is formally classified as CWE-22: Path Traversal.
Affected Systems
Affected product: OpenClaw. All releases with a version number lower than 2026.2.24 contain the issue; the vulnerability is resolved in version 2026.2.24 and later. The product is represented by the CPE string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*.
Risk and Exploitability
The CVSS score of 6.0 indicates a medium severity level, and the vulnerability is not listed in the CISA KEV catalog. An EPSS score is not provided, so the current likelihood of exploitation cannot be quantified. The CVE description states that an attacker can exploit the flaw by supplying specially-crafted @-prefixed paths when the OpenClaw process runs with tools.fs.workspaceOnly enabled; however, the description does not specify whether the vulnerable component is exposed over a network or confined to local execution. It is therefore inferred that the attack could be remote if the component is publicly accessible, or local if an attacker can influence input to the process. The overall risk is notable but not the highest priority, given the medium CVSS score and the absence of a KEV listing.
OpenCVE Enrichment
Github GHSA