Description
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.
Published: 2026-05-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before version 2026.4.10 contains a path‑traversal flaw in the screen_record tool’s outPath parameter that bypasses the intended workspace‑only filesystem restrictions. When an attacker supplies a path that points outside the workspace, the tool writes data to that location, allowing the creation or alteration of arbitrary files on the system. This vulnerability can be leveraged to tamper with configuration files, drop malicious payloads, or overwrite system binaries, potentially granting the attacker elevated privileges or remote code execution capabilities.

Affected Systems

The affected product is OpenClaw as provided by the OpenClaw vendor. All releases prior to 2026.4.10 are vulnerable, and the issue is fixed in release 2026.4.10 and later.

Risk and Exploitability

The vulnerability has a CVSS score of 7.1, indicating high severity, and no EPSS score is currently available. It is not listed in the CISA KEV catalog. The attack vector is inferred to be local execution of the screen_record tool by an attacker who can supply the outPath parameter, such as a user with access to the application or a process that can invoke it. Successful exploitation requires the ability to run screen_record and supply the outPath input, after which arbitrary file write becomes possible, potentially leading to privilege escalation or other malicious actions.

Generated by OpenCVE AI on May 5, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply OpenClaw version 2026.4.10 or later to remove the path‑traversal flaw.
  • Restrict permissions so that only trusted users can execute the screen_record tool or provide the outPath argument.
  • Implement input validation on the outPath parameter to ensure it resides within the designated workspace directory.
  • If an immediate upgrade is not feasible, disable or remove the screen_record functionality until a patched version is deployed.

Generated by OpenCVE AI on May 5, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jf25-7968-h2h5 OpenClaw: screen_record outPath bypassed workspace-only filesystem guard
History

Tue, 05 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 05 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.
Title OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-862
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T14:12:23.592Z

Reserved: 2026-05-01T16:58:23.117Z

Link: CVE-2026-43567

cve-icon Vulnrichment

Updated: 2026-05-05T13:49:46.442Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-05T12:16:20.190

Modified: 2026-05-05T19:32:49.650

Link: CVE-2026-43567

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T13:15:15Z

Weaknesses