NearAI IronClaw Symlink Vulnerability in Write File Tool Allows Arbitrary File Writes

Vulnerability

A vulnerability in NearAI IronClaw versions through 0.29.1 allows the built-in 'write_file' tool to write files outside of its designated sandbox. This occurs when the specified path is a dangling symlink pointing to a location beyond the sandbox boundary. The path validation process fails to resolve the symlink correctly, leading to an unauthorized write. The issue requires local access to exploit and has a public exploit available.

Impact

Exploitation of this vulnerability bypasses the intended sandbox restrictions of the 'write_file' tool, allowing for arbitrary file writes outside the designated safe area. This could disrupt project isolation, damage important host files, or overwrite trusted configuration and automation resources.

Reproduction

The vulnerability can be reproduced by creating a dangling symlink that points to a location outside the 'write_file' tool's sandbox. When the 'write_file' tool is executed with a path that includes this symlink, the tool's validation process fails to resolve the link properly, allowing the write operation to overwrite a file outside the allowed directory.

Remediation

Users are advised to update to the patched version of NearAI IronClaw, which addresses this vulnerability by improving the path validation process to correctly handle symlinks.

Added: Jul 18, 2026, 6:24 PM
Updated: Jul 18, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.8
exploitability
4.6
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.