OpenClaw Path Traversal Vulnerability in Browser Tool Upload Action Allows Arbitrary File Read

A path traversal vulnerability has been identified in OpenClaw, a personal AI assistant, prior to version 2026.2.14. This vulnerability allows authenticated attackers to read arbitrary files from the Gateway host by exploiting the browser tool's 'upload' action. Attackers can supply absolute paths or traversal sequences, which the server passes to Playwright's 'setInputFiles()' APIs without proper validation. To exploit this vulnerability, an attacker must have valid Gateway authentication and the 'browser' tool enabled for the session. The impact is heightened if the Gateway is exposed beyond loopback.

Impact

Exploitation of this vulnerability leads to arbitrary local file reads on the Gateway host, with potential exposure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a request to the 'POST /hooks/file-chooser' endpoint with a path traversal sequence or an absolute path. This can be done using the OpenClaw command-line interface or by directly invoking the browser control hook endpoints, provided that the 'browser' tool is enabled for the session.

Remediation

Users can update to OpenClaw version 2026.2.14 or later, where this vulnerability has been patched. The upload paths are now restricted to OpenClaw's temporary uploads directory, and traversal paths are rejected.