Description
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.
Published: 2026-03-11
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal – Arbitrary File Write/Deletion
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.2.14 contain a path traversal flaw in the apply_patch routine that allows an attacker to craft file paths with traversal sequences or absolute locations. This flaw enables the creation, modification, or deletion of files outside the intended workspace, potentially allowing the attacker to place executable code or alter critical configuration files, thereby compromising confidentiality, integrity, and availability. The weakness is identified as CWE-22.

Affected Systems

The vulnerability affects the OpenClaw software suite (vendor: openclaw, product: openclaw) in all releases prior to 2026.2.14. Versions 2026.2.13 and earlier are vulnerable; product versions 2026.2.14 and newer are not affected.

Risk and Exploitability

The CVSS v3.1 score is 8.7, indicating high severity, while the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation appears to require access to the apply_patch interface, which is typically exposed via a local or network API. The likely attack vector is remote since the flaw can be triggered by sending a crafted request to the patch endpoint; however, this is inferred from the description and not explicitly stated.

Generated by OpenCVE AI on March 17, 2026 at 16:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or later.
  • Configure apply_patch to enforce filesystem sandbox containment so that all file operations are confined within the workspace.
  • Restrict or disable apply_patch for unauthorized users or untrusted sources.
  • Verify that file permissions and ownership cannot be altered outside the intended workspace.

Generated by OpenCVE AI on March 17, 2026 at 16:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-r5fq-947m-xm57 OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
History

Mon, 16 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Wed, 11 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.
Title OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-22
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*
cpe:2.3:a:openclaw:openclaw:2026.2.14:*:*:*:*:*:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T14:42:06.135Z

Reserved: 2026-03-10T19:51:56.114Z

Link: CVE-2026-32060

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T14:16:27.943

Modified: 2026-03-16T17:39:12.290

Link: CVE-2026-32060

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:16Z

Weaknesses