OpenClaw Path Traversal Vulnerability in apply_patch Allowing Arbitrary File Modification or Deletion

Vulnerability

A path traversal vulnerability has been identified in OpenClaw versions prior to 2026.2.14, in the apply_patch tool. When apply_patch is enabled without filesystem sandboxing, the target path named by a patch is not confined to the workspace: a path containing directory traversal sequences (such as `..` segments) or an absolute path escapes the workspace directory, so an attacker who can supply patch input can write to or delete files outside it.

Impact

Exploitation of this vulnerability could lead to unauthorized modification or deletion of files outside the application's designated workspace, potentially disrupting normal operations or causing data loss.

Reproduction

The vulnerability is reproduced by enabling apply_patch without filesystem sandbox containment and supplying a patch whose target path contains directory traversal sequences or an absolute path. The resulting write or delete lands outside the workspace directory instead of being rejected.

Remediation

Update to OpenClaw version 2026.2.14 or later. Until the update is applied, keep the apply_patch feature disabled unless it is needed, restrict which principals can invoke tools that use apply_patch, and run the tool under filesystem sandboxing so that a traversal cannot reach files outside the workspace.
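
As an added illustration, not OpenClaw's own code and not its patch format, the Python below shows the containment check a patch applier needs when it runs without a filesystem sandbox: every target named by a patch is rejected if it is absolute or if, after symlink resolution, it lies outside the workspace root, and all targets are validated before the first write so a mixed patch cannot partially apply. The tuple-list patch representation, the function names, and the throwaway workspace built by `demo()` are all constructed for the example.

```python
import os
import tempfile


class PathEscapesWorkspace(ValueError):
    """Raised when a patch target would resolve outside the workspace root."""


def resolve_in_workspace(workspace_root: str, target: str) -> str:
    """Return the real on-disk path for a patch target, or raise if it leaves the workspace.

    Absolute targets are rejected outright: a patch should only name workspace-relative
    files. The relative target is joined to the root and symlink-resolved with realpath,
    so '..' segments and symlinks pointing outside the root are both caught by the
    final segment-aware prefix check (commonpath, so '/ws' does not match '/ws-evil').
    """
    if "\x00" in target:
        raise PathEscapesWorkspace("NUL byte in patch target")
    if os.path.isabs(target):
        raise PathEscapesWorkspace(f"absolute path not allowed: {target!r}")
    root = os.path.realpath(workspace_root)
    candidate = os.path.realpath(os.path.join(root, target))
    if os.path.commonpath([root, candidate]) != root:
        raise PathEscapesWorkspace(f"{target!r} resolves to {candidate!r}, outside {root!r}")
    return candidate


def apply_ops(workspace_root: str, ops) -> None:
    """Apply a list of (op, target[, content]) tuples, refusing any target outside the root.

    The tuple form is a constructed stand-in for a parsed patch (hypothetical, not
    OpenClaw's format). Every target is validated before the first write, so a patch
    that mixes one good hunk with one traversal hunk leaves the workspace untouched.
    """
    plan = []
    for op in ops:
        kind, target = op[0], op[1]
        path = resolve_in_workspace(workspace_root, target)  # raises before any I/O
        plan.append((kind, path, op[2] if len(op) > 2 else None))
    for kind, path, content in plan:
        if kind == "add":
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(content)
        elif kind == "delete":
            os.remove(path)
        else:
            raise ValueError(f"unknown op {kind!r}")


def demo() -> dict:
    """Exercise the check in a constructed throwaway workspace; report which cases were blocked."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.makedirs(root)
        os.makedirs(outside)
        secret = os.path.join(outside, "secret.txt")
        with open(secret, "w") as f:
            f.write("keep me\n")
        # a symlink inside the workspace that points outside it
        os.symlink(outside, os.path.join(root, "link"))

        # a normal relative target is accepted and written
        apply_ops(root, [("add", "src/app.py", "print('ok')\n")])
        results["relative_ok"] = os.path.isfile(os.path.join(root, "src", "app.py"))

        # the three escape shapes are refused
        for name, target in (("dotdot", "../outside/secret.txt"),
                             ("absolute", secret),
                             ("symlink", "link/secret.txt")):
            try:
                apply_ops(root, [("delete", target)])
                results[name + "_blocked"] = False
            except PathEscapesWorkspace:
                results[name + "_blocked"] = True

        # a mixed patch is rejected as a whole, before any write happens
        try:
            apply_ops(root, [("add", "README.md", "x\n"), ("delete", "../outside/secret.txt")])
        except PathEscapesWorkspace:
            pass
        results["mixed_patch_atomic"] = not os.path.exists(os.path.join(root, "README.md"))
        results["outside_untouched"] = os.path.isfile(secret)
    return results


if __name__ == "__main__":
    for case, blocked in demo().items():
        print(f"{case}: {blocked}")
```

Note that a purely lexical check (stripping `..` or testing a string prefix) is not enough: the symlink case passes a lexical filter and still escapes, which is why the check resolves with `realpath` on both sides before comparing. A filesystem sandbox remains the backstop for whatever the tool-level check misses.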

Added: Mar 11, 2026, 2:20 PM
Updated: Mar 11, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 7.1
remediation: 0.0
relevance: 3.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.