OpenClaw Path Traversal Vulnerability Allowing Arbitrary File Read via Symlink Following
Vulnerability
A path traversal vulnerability has been identified in OpenClaw versions prior to 2026.2.22. This vulnerability exists in the static file handler of the Control UI, where the handler follows symbolic links, leading to unauthorized file reads outside the intended directory. Attackers can exploit this by placing symlinks within the Control UI root directory, bypassing directory confinement checks and accessing arbitrary files beyond the designated root.
Impact
Exploitation of this vulnerability allows for unauthorized reading of files outside the intended directory, potentially leading to exposure of sensitive information.
Reproduction
To reproduce this vulnerability, create a symlink under the Control UI root directory that points to a file outside of it. When the symlinked file is requested through the static file handler, the server will follow the link and read the file, bypassing directory confinement checks.
Remediation
Users can update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.