OpenClaw Symlink Traversal Vulnerability in stageSandboxMedia Allowing File Overwrite Outside Sandbox

Vulnerability

A symlink traversal vulnerability has been identified in OpenClaw versions prior to 2026.3.2, specifically within the stageSandboxMedia function. This vulnerability allows attackers to overwrite files outside the designated sandbox workspace by exploiting unvalidated destination paths in the media/inbound directory. The issue arises because the function does not properly validate destination aliases, enabling writes to follow symlinks and overwrite host files beyond the intended sandbox boundaries.

Impact

Exploitation of this vulnerability could lead to unauthorized overwriting of files on the host system, potentially causing data loss or disruption of services.

Reproduction

The vulnerability can be reproduced by staging a file into the sandbox workspace while a symlink is present in the destination path. This can be done by creating a symlink in the 'media/inbound' directory that points to a file outside the sandbox workspace. When the 'stageSandboxMedia' function is called, it will follow the symlink and overwrite the targeted file, bypassing sandbox restrictions.

Remediation

Users should update to OpenClaw version 2026.3.2 or later, where this vulnerability has been patched.

Added: Mar 23, 2026, 10:30 PM
Updated: Mar 23, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.5
exploitability: 4.3
remediation: 0.0
relevance: 4.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.