OpenClaw Path-Confinement Bypass Vulnerability in File Write Operations

A path-confinement bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.2. This vulnerability arises from insufficient validation of canonical path boundaries in file write operations, allowing attackers to escape root directory restrictions and write files to arbitrary locations. The issue is present in the browser output handling, which failed to enforce proper path confinement, enabling writes outside the intended root directories.

Impact

Exploitation of this vulnerability allows for arbitrary file writes outside of the designated root directories, potentially leading to unauthorized data manipulation or disclosure.

Reproduction

The vulnerability can be reproduced by creating a symbolic link that points outside of the allowed directory structure and then performing a file write operation. This can be done by using a Playwright script that downloads a file to a location outside the intended root directory, taking advantage of the application's insufficient path validation.

Remediation

Users can update to OpenClaw version 2026.3.2 or later, where this vulnerability has been patched.