CVE-2026-3689
Path Traversal in OpenClaw Canvas Leads to Info Disclosure

Publication date: 2026-04-11

Last updated on: 2026-04-27

Assigner: Zero Day Initiative

Description
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path parameters provided to the canvas gateway endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-29312.
Meta Information

  • Published: 2026-04-11
  • Last Modified: 2026-04-27
  • Generated: 2026-06-16
  • AI Q&A: 2026-04-11
  • EPSS Evaluated: 2026-06-14
Affected Vendors & Products

Showing 1 associated CPE.

  • Vendor: openclaw; Product: openclaw; Version / Range: all versions up to 2026.2.21 (2026.2.21 excluded)
CWE

  • CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2026-3689 is a path traversal information disclosure vulnerability in OpenClaw's Canvas gateway endpoint.

The vulnerability arises because the application does not properly validate user-supplied path parameters before using them in file operations.

An authenticated attacker can exploit this flaw by sending a specially crafted request with a malicious file path, allowing them to read arbitrary files accessible to the service account running OpenClaw.

This means sensitive information stored on the server can be disclosed to the attacker.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information stored on the server where OpenClaw is installed.

  • An attacker with valid authentication can read arbitrary files such as system files (/etc/passwd), private keys (~/.ssh/id_rsa), AWS credentials (~/.aws/credentials), or the gateway's own token.
  • The attacker can exfiltrate this information by exploiting the vulnerability, potentially leading to further compromise or data leakage.

The impact is significant because the attacker gains access to sensitive data within the context of the service account running OpenClaw.

Detection Guidance

This vulnerability can be detected by attempting to exploit the path traversal flaw on the OpenClaw canvas gateway endpoint with authenticated access.

A practical detection method involves sending an authenticated POST request to the /tools/invoke endpoint with the action parameter set to "a2ui_push" and the jsonlPath parameter pointing to sensitive files such as /etc/passwd.

If the server responds with a 200 OK status and the contents of the specified file are accessible or forwarded, the system is vulnerable.

Example command using curl (replace <token> with a valid authentication token):

  • curl -X POST https://<openclaw-host>/tools/invoke -H "Authorization: Bearer <token>" -H "Content-Type: application/json" -d '{"action":"a2ui_push","params":{"jsonlPath":"/etc/passwd"}}'

A 401 Unauthorized response indicates lack of authentication, while a 200 OK with file contents indicates vulnerability.

Mitigation Strategies

The immediate mitigation step is to update OpenClaw to version 2026.2.21 or later, where the vulnerability has been patched by adding proper path validation and restrictions.

Until the update can be applied, restrict access to the OpenClaw canvas gateway endpoint to trusted users only, ensuring that only authenticated and authorized users can reach this service.

Additionally, monitor logs for suspicious POST requests to /tools/invoke with the a2ui_push action and unexpected file path parameters.

Consider implementing network-level controls such as firewall rules or API gateway policies to limit access.

Compliance Impact

CVE-2026-3689 is a path traversal information disclosure vulnerability that allows authenticated attackers to read arbitrary files on the affected OpenClaw system. This can lead to unauthorized disclosure of sensitive information accessible to the service account running the application.

Such unauthorized disclosure of sensitive data can potentially impact compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and disclosure.

By enabling attackers to exfiltrate sensitive files, this vulnerability increases the risk of data breaches, which may result in regulatory non-compliance, legal liabilities, and reputational damage.

Mitigation through patching and proper input validation is essential to maintain compliance and protect sensitive data.
