OpenClaw Path Traversal Vulnerability in apply_patch Tool Allows File Modification Outside Workspace

Vulnerability

A path traversal vulnerability affects OpenClaw versions prior to 2026.2.23. It lies in the experimental apply_patch tool, which enforces its workspace-only checks inconsistently on mounted paths: an attacker with access to the sandbox can direct apply_patch at a writable mount that lies outside the workspace root and modify files there. The result is unauthorized modification of files beyond the directory the tool is meant to confine writes to. The issue is only reachable when sandbox mode and the experimental apply_patch tool are both enabled.

Impact

Exploitation allows file modifications outside the workspace directory. What can be reached depends on which writable mounts the sandbox exposes: anything mounted writable outside the workspace root, including system files or application data on those mounts, can be altered.

Reproduction

The vulnerability can be reproduced by enabling sandbox mode and the experimental apply_patch tool in an OpenClaw configuration, with at least one writable mount located outside the workspace root. Once these features are active, apply_patch operations targeting that mount succeed, bypassing the intended workspace-only restriction.
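The following is an added illustration of the bug class described above, not code from OpenClaw. It models the policy decision apply_patch has to make for each file a patch touches. The `Mount` type, the `weakAllowWrite` and `strictAllowWrite` policies, and the mount list are all assumptions constructed for this example; the weak policy lets a writable mount short-circuit the workspace check, which is the shape of inconsistency the advisory describes, while the strict policy requires every target to resolve under the workspace root before it even consults the mount table.

```typescript
import * as path from "path";

// Hypothetical sandbox mount description (not OpenClaw's real type).
interface Mount {
  hostPath: string;  // where the mount appears inside the sandbox
  writable: boolean;
}

// True when `target` resolves to `base` or somewhere below it.
// path.resolve collapses "." and ".." segments, so "/work/../etc" is seen as "/etc".
// A file literally named "..foo" under base must still be accepted, hence the
// check against ".." and "../" rather than a bare startsWith("..").
function isUnder(base: string, target: string): boolean {
  const absBase = path.resolve(base);
  const absTarget = path.resolve(absBase, target);
  const rel = path.relative(absBase, absTarget);
  if (rel === "") return true;
  if (path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// Weak policy (constructed to show the flaw): a writable mount anywhere is
// treated as a valid write target, so the workspace check never runs for it.
function weakAllowWrite(workspaceRoot: string, mounts: Mount[], target: string): boolean {
  const abs = path.resolve(workspaceRoot, target);
  for (const m of mounts) {
    if (m.writable && isUnder(m.hostPath, abs)) return true;  // BUG: skips workspace check
  }
  return isUnder(workspaceRoot, abs);
}

// Strict policy: the target must lie under the workspace root no matter what
// mounts exist; mounts can only further restrict (read-only), never widen.
function strictAllowWrite(workspaceRoot: string, mounts: Mount[], target: string): boolean {
  const abs = path.resolve(workspaceRoot, target);
  if (!isUnder(workspaceRoot, abs)) return false;
  for (const m of mounts) {
    if (!m.writable && isUnder(m.hostPath, abs)) return false;
  }
  return true;
}

// Constructed sandbox layout: the workspace plus a writable mount outside it.
const WORKSPACE = "/work";
const MOUNTS: Mount[] = [
  { hostPath: "/work", writable: true },
  { hostPath: "/home/agent/.ssh", writable: true },  // assumption for illustration
];

// Patch targets as they might appear in a patch header; the second one escapes
// the workspace via ".." and lands on the writable mount.
const TARGETS = ["src/app.ts", "../home/agent/.ssh/authorized_keys"];

function evaluate(): Record<string, { weak: boolean; strict: boolean }> {
  const out: Record<string, { weak: boolean; strict: boolean }> = {};
  for (const t of TARGETS) {
    out[t] = {
      weak: weakAllowWrite(WORKSPACE, MOUNTS, t),
      strict: strictAllowWrite(WORKSPACE, MOUNTS, t),
    };
  }
  return out;
}

console.log(evaluate());
```

The check here is lexical. A real implementation must also resolve symlinks (for example with `fs.realpathSync` on the nearest existing ancestor of the target) before comparing against the workspace root, because a symlink inside the workspace can point at a mount outside it and would pass a purely lexical test.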

Remediation

Update to OpenClaw version 2026.2.23 or later, where this vulnerability is patched. Until the update is applied, disabling the experimental apply_patch tool, or ensuring the sandbox exposes no writable mounts outside the workspace root, removes the conditions the advisory lists as required for exploitation.

Added: Mar 19, 2026, 10:50 PM
Updated: Mar 19, 2026, 10:50 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           0.0
  impact           2.7
  exploitability   3.9
  remediation      0.0
  relevance        4.1
  threat           4.8
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.