CVE-2026-26972
Status: Received - Intake
Path Traversal in OpenClaw Browser Download Helper Allows Arbitrary File Write

Publication date: 2026-02-20

Last updated on: 2026-02-20

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token. Version 2026.2.13 fixes the issue.
Meta Information
Published: 2026-02-20
Last Modified: 2026-02-20
Generated: 2026-05-07
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: openclaw
Product: openclaw
Version / Range: from 2026.1.12 (inclusive) to 2026.2.13 (exclusive)
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-26972 is a path traversal vulnerability (CWE-22) in the browser download helpers of OpenClaw, a personal AI assistant. In affected versions (2026.1.12 through 2026.2.12), the download functionality, when invoked through the browser control gateway routes, accepted a caller-supplied output path without sanitizing it. An attacker holding authenticated CLI access or an authenticated gateway RPC token could therefore supply a traversal sequence such as `../` in the output path and have the downloaded file written outside the intended OpenClaw temporary downloads directory.

The root cause is that the code did not resolve the output path and validate it against the designated temporary directory before writing, so a crafted path could escape that directory. The issue is not reachable through the AI agent tool schema, which has no `download` action.

The fix, introduced in version 2026.2.13, enforces strict path resolution and validation so that download and trace output paths remain confined within the designated OpenClaw temporary directories, preventing writes or overwrites elsewhere on the file system. [1, 2]


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker who already holds authenticated access (CLI access or a gateway RPC token) to write downloaded files to locations outside the intended temporary downloads directory.

Because the attacker chooses the destination path, this can overwrite existing files or plant new ones on the host running OpenClaw, affecting the integrity and availability of data and system resources and potentially serving as a step toward further compromise of that host.

Because exploitation requires an authenticated principal rather than anonymous network access, the overall risk is moderate, but it is significant in environments where CLI access or gateway RPC tokens are shared, long-lived, or available to semi-trusted users.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection focuses on two signals: requests to OpenClaw's browser download helpers that carry a traversal-style output path, and files appearing outside the intended temporary downloads directory. Since exploitation requires authenticated CLI access or an authenticated gateway RPC token, monitoring authenticated requests to the browser control gateway download routes, such as POST /wait/download and POST /download, for unusual or unexpected output paths is the primary log-based check.

On a patched build (2026.2.13 or later) traversal attempts are rejected, so HTTP 400 responses with error messages indicating path validation failures point to attempted abuse. On an unpatched build the same request succeeds, so the request log alone shows no error; correlate suspicious requests with file system activity.

Suggested commands or approaches include:

  • Review OpenClaw gateway logs for POST requests to the /wait/download and /download endpoints whose path parameters contain ".." segments, absolute paths, or their percent-encoded equivalents.
  • Use file system monitoring tools (e.g., inotifywait on Linux) to detect unexpected file writes outside the designated OpenClaw temp directories (/tmp/openclaw/downloads or equivalent).
  • Search for error messages related to path validation failures in OpenClaw logs, which indicate rejected traversal attempts.
  • In a test environment where you have OpenClaw CLI or gateway access, invoke the download commands with crafted output paths to confirm that paths outside the allowed directories are rejected; do not run such tests against production hosts. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

The primary and immediate mitigation step is to upgrade OpenClaw to version 2026.2.13 or later, which includes the fix that enforces strict path resolution and validation to prevent path traversal.

Additional mitigation steps include:

  • Restrict authenticated CLI and gateway RPC token access to trusted users only, as exploitation requires authenticated access.
  • Monitor and block any requests attempting to specify output paths outside the designated temporary directories.
  • Apply strict file system permissions on OpenClaw temporary directories to limit unauthorized file writes.
  • Review and harden gateway and ACP permissions to prevent unauthorized tool invocations.
