OpenClaw Path Traversal Vulnerability in Browser Download Functionality
Vulnerability
A path traversal vulnerability has been identified in OpenClaw, a personal AI assistant, affecting versions from 2026.1.12 up to, but not including, 2026.2.12. The issue arises in the OpenClaw browser download helpers, which accepted an unsanitized output path. When these helpers were invoked through the browser control gateway routes, the missing path validation allowed downloads to be written outside the designated OpenClaw temporary downloads directory. Exploitation requires authenticated command-line interface (CLI) access or an authenticated gateway remote procedure call (RPC) token.
Impact
Exploitation allows downloads to be written outside the intended temporary downloads directory, which could lead to unauthorized file access or manipulation on the host running OpenClaw.
Reproduction
To reproduce this vulnerability, first ensure you have an authenticated CLI session or a valid gateway RPC token. Then, use the OpenClaw browser control commands to initiate a download. Specify a file name that includes traversal characters to navigate out of the default downloads directory. After the download completes, check the specified output path to confirm that the file was saved outside the intended directory.
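The containment check that closes this class of bug, as an added TypeScript example that is not OpenClaw's own code; the function names and the downloads root are assumptions, and the unsafe variant only models the pre-fix shape described above:

```typescript
import * as path from "node:path";

// Added illustration; names are assumed and are not OpenClaw's own helpers.
// Assumed downloads root; the real directory is whatever OpenClaw configures.
export const DOWNLOADS_ROOT = "/tmp/openclaw-downloads";

// Pre-fix shape: the caller's output path is joined onto the root with no
// check of where the result lands, so ".." segments or an absolute path
// leave the downloads directory.
export function unsafeDownloadPath(root: string, outputPath: string): string {
  return path.resolve(root, outputPath);
}

// Hardened shape: resolve the candidate, then require it to be a strict
// descendant of the root. The test is done on the resolved relative path,
// not a string prefix, so "/tmp/dl-evil" is not accepted as being under
// "/tmp/dl", while a file literally named "..notes.txt" is still allowed.
// A production check should also pass root and parent through fs.realpath
// so symlinks cannot redirect the write; that is omitted here to stay offline.
export function isInsideRoot(root: string, candidate: string): boolean {
  const rootAbs = path.resolve(root);
  const rel = path.relative(rootAbs, path.resolve(candidate));
  if (rel === "") return false;            // the root itself, not a file in it
  if (path.isAbsolute(rel)) return false;  // different drive or unrelated tree
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

export function safeDownloadPath(root: string, outputPath: string): string {
  if (outputPath.includes("\0")) {
    throw new Error("output path contains a NUL byte");
  }
  const candidate = path.resolve(root, outputPath);
  if (!isInsideRoot(root, candidate)) {
    throw new Error(`refusing to write outside downloads directory: ${outputPath}`);
  }
  return candidate;
}

// Audit helper for gateway request logs: true when a recorded output path
// would have escaped the downloads root under the unsafe behaviour.
export function wouldEscape(root: string, outputPath: string): boolean {
  return !isInsideRoot(root, unsafeDownloadPath(root, outputPath));
}
```

Running wouldEscape over logged download requests from an affected version is a quick way to find out whether the traversal was ever exercised.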
Remediation
Upgrade to OpenClaw version 2026.2.13 or later, which contains the fix for this vulnerability.
