CVE-2026-41370
Path Traversal in OpenClaw ACP Dispatch Allows Arbitrary File Access
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.3.31 (2026.3.31 itself excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41370 is a path traversal vulnerability in the OpenClaw software versions before 2026.3.31. It occurs in the ACP dispatch component, where inbound channel attachment paths are not properly restricted. Attackers can manipulate these attachment paths using special elements like "../" to escape the intended directories, such as the attachment-cache or root directories, allowing them to read arbitrary files outside the allowed locations.
This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and was fixed by enforcing strict validation and normalization of attachment paths, ensuring they remain within explicitly allowed directories.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-41370 allows remote attackers to read arbitrary files outside intended directories by exploiting a path traversal vulnerability in OpenClaw's ACP dispatch component. This unauthorized file access can lead to exposure of sensitive or confidential data.
Such unauthorized data exposure can negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.
By allowing attackers to bypass directory restrictions and read arbitrary files, the vulnerability increases the risk of data breaches, potentially resulting in regulatory violations, legal consequences, and reputational damage.
Mitigating this vulnerability by upgrading to OpenClaw version 2026.3.31 or later is essential to maintain compliance and protect sensitive data from unauthorized access.
How can this vulnerability impact me?
This vulnerability allows remote attackers with partial privileges to read arbitrary files on the system running OpenClaw by bypassing directory restrictions. The impact is primarily on confidentiality, as sensitive files outside the intended directories can be accessed without authorization.
Because the attack vector is network-based and requires low attack complexity with no user interaction, it poses a significant risk of unauthorized data disclosure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves path traversal via inbound channel attachment paths in the ACP dispatch component of OpenClaw. Detection involves monitoring for suspicious attachment paths containing traversal elements like "../" that attempt to access files outside the intended directories.
You can detect attempts to exploit this vulnerability by inspecting logs for verbose messages indicating skipped attachments due to path validation failures, as the patched version logs such events.
While no explicit detection commands are provided with the advisory, you can search for path traversal attempts in logs or network traffic, for example:
- Use grep to find suspicious attachment paths in logs: `grep -r '\.\./' /path/to/openclaw/logs`
- Monitor network traffic for inbound requests containing path traversal sequences using tools like tcpdump or Wireshark with filters for `../` patterns.
- Check the installed OpenClaw version to determine whether it is vulnerable: run `npm list openclaw` or inspect `package.json` for a version prior to 2026.3.31.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability has been fixed by enforcing strict validation and restriction of attachment paths to allowed inbound root directories.
The fix includes normalization and validation of attachment paths, rejecting those outside allowed directories, and secure file reading mechanisms to prevent symbolic link attacks and oversized files.
Until the upgrade can be applied, consider monitoring and blocking inbound requests with suspicious attachment paths containing traversal sequences, and restrict privileges of the OpenClaw process to limit file system access.