Description
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.
Published: 2026-03-21
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local File Overwrite
Action: Patch Immediately
AI Analysis

Impact

OpenClaw versions prior to 2026.2.25 contain a symlink traversal flaw in the handling of browser trace and download output paths. The vulnerability allows a local attacker to create symbolic links that redirect file writes from a temporary directory managed by the application, enabling the attacker to write arbitrary data outside the intended directory. This can lead to overwriting of system or application files, compromising integrity and potentially facilitating further escalation.

Affected Systems

OpenClaw software, all versions before 2026.2.25. The affected products are identified under the vendor name OpenClaw and product name OpenClaw. No specific sub‑versions beyond the major release are noted; the vulnerability exists in all releases preceding the 2026.2.25 update.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.9, indicating a moderate severity. EPSS data is not available, and the issue is not listed in CISA's KEV catalog. Because the flaw requires local access and the ability to create files or symlinks in the application's temporary directory, the attack vector is inferred to be local. Once exploited, the attacker may overwrite arbitrary files, which could be used for privilege escalation or persistence, but no remote exploitation is described in the available data.

Generated by OpenCVE AI on March 21, 2026 at 07:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.25 or later to remove the symlink handling vulnerability.

Generated by OpenCVE AI on March 21, 2026 at 07:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-36h3-7c54-j27r OpenClaw has browser trace/download path symlink escape in temp output handling
History

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.
Title OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-59
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-21T03:40:26.421Z

Reserved: 2026-03-10T19:48:47.516Z

Link: CVE-2026-32054

cve-icon Vulnrichment

Updated: 2026-03-21T03:40:22.501Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T01:17:08.703

Modified: 2026-03-24T21:11:08.830

Link: CVE-2026-32054

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:44:15Z

Weaknesses