OpenClaw Path Traversal Vulnerability in ACP Dispatch Allowing Arbitrary File Read
Vulnerability
A path traversal vulnerability has been identified in OpenClaw versions prior to 2026.3.31, specifically within the ACP dispatch component. This vulnerability allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths. Exploitation involves bypassing attachment-cache and root directory checks, enabling access to files outside of the intended directories.
Impact
Exploitation of this vulnerability could lead to unauthorized reading of files on the server, potentially including sensitive information.
Reproduction
The vulnerability can be reproduced by sending a channel attachment that includes a path resolving outside the allowed roots, such as a file URL or a relative path that traverses directories. The ACP dispatch will read the attachment without enforcing the root checks, allowing access to files outside the intended directories.
Remediation
Users can update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.