CVE-2026-43567
Path Traversal in OpenClaw Screen Recording Tool
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.4.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-43567 is a path traversal vulnerability in the OpenClaw software versions before 2026.4.10. It specifically affects the screen_record tool's outPath parameter, which is supposed to restrict file writing to within a designated workspace directory.
Due to this vulnerability, attackers can bypass the workspace-only filesystem guards by specifying an outPath outside the workspace boundary, allowing them to write files to unintended locations on the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to write files outside the intended workspace boundary by bypassing filesystem guards. This unauthorized file write capability could potentially lead to unauthorized data access or modification.
Such unauthorized access or modification of files may impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls over data access and integrity to protect sensitive information.
However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with these regulations.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with authorized access to write files outside the intended workspace directory, potentially leading to unauthorized file creation or modification on the system.
Such unauthorized file writes could be used to place malicious files, overwrite important system files, or otherwise compromise the integrity and security of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-43567 vulnerability, you should upgrade OpenClaw to version 2026.4.10 or later, as these versions include the fix that properly guards the screen_record tool's outPath parameter against path traversal attacks.
The fix ensures that the outPath parameter is validated to remain within the workspace boundaries, preventing unauthorized file writes outside the workspace.
Ensure that your system is running a patched version such as 2026.4.10 or newer (including the latest npm release 2026.4.14) to protect against this vulnerability.