OpenClaw Symlink Traversal Vulnerability in Temporary Path Handling
Vulnerability
A symlink traversal vulnerability has been identified in OpenClaw versions prior to 2026.2.25. This vulnerability resides in the browser's trace and download output path management, allowing local attackers to escape the designated temporary root directory. By creating symlinks, an attacker can redirect file writes outside the intended temporary directory, leading to arbitrary file overwrites on the affected system.
Impact
Exploitation of this vulnerability could result in unauthorized overwriting of files on the system.
Reproduction
The vulnerability can be reproduced by creating a symlinked directory that points to a location outside the managed temporary root. Then, when a file write is initiated through the application's download or trace output features, the symlink will redirect the file to the external location, bypassing the intended safeguards.
Remediation
Users can update to OpenClaw version 2026.2.25 or later, where this vulnerability has been patched.
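To make the mechanism in the Reproduction section and the shape of a fix concrete, the following is an added Python example, not OpenClaw's own code: it constructs a managed temporary root containing a symlinked directory that points outside it, shows that a naive path join would land the write outside the root, and shows a containment check (realpath plus commonpath, with O_NOFOLLOW on open) that refuses the write. The function names and the directory layout are assumptions made for illustration.

```python
import os
import tempfile


def resolve_within_root(root: str, name: str) -> str:
    """Return the symlink-resolved absolute path for `name` under `root`.

    Raises ValueError when resolving symlinks (or '..' components) makes the
    target land outside the real root, which is the escape the advisory describes.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))
    # commonpath compares whole components, so a sibling such as /tmp/root2
    # is not mistaken for "inside" /tmp/root the way a string-prefix test would.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError(f"refusing to write outside managed root: {candidate}")
    return candidate


def safe_write(root: str, name: str, data: bytes) -> str:
    """Write `data` to `name` under `root`, refusing symlink escapes."""
    target = resolve_within_root(root, name)
    # O_NOFOLLOW (where the platform has it): if a symlink appears at the final
    # component between the check and the open, the open fails rather than following it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Constructed scenario (hypothetical layout): a symlinked 'downloads' directory
    inside the managed root points at an unrelated directory outside it."""
    outside = tempfile.mkdtemp(prefix="outside-")
    root = tempfile.mkdtemp(prefix="managed-root-")
    os.symlink(outside, os.path.join(root, "downloads"))
    # Naive handling: join and follow, which resolves to a path under `outside`.
    naive = os.path.realpath(os.path.join(root, "downloads", "trace.json"))
    escaped = naive.startswith(os.path.realpath(outside) + os.sep)
    # Hardened handling: the same request is refused.
    try:
        safe_write(root, os.path.join("downloads", "trace.json"), b"{}")
        blocked = False
    except ValueError:
        blocked = True
    # A plain name under the root is still accepted and written inside it.
    ok_path = safe_write(root, "trace.json", b"{}")
    ok_inside = os.path.dirname(ok_path) == os.path.realpath(root)
    return {"escaped": escaped, "blocked": blocked, "ok_inside": ok_inside}
```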
