OpenClaw Symlink Traversal Vulnerability in Remote Marketplace Repository Path Handling
Vulnerability
A symlink traversal vulnerability has been identified in OpenClaw versions from 2026.3.22 up to, but not including, 2026.4.5. In remote marketplace path handling, a crafted symlink path lets an attacker escape the expected repository root, giving access to files outside the intended repository directory.
Impact
Exploitation could give an attacker unauthorized access to files outside the designated repository directory, potentially allowing sensitive information to be disclosed or manipulated.
Reproduction
The vulnerability can be reproduced by creating a symlink that points to a location outside the expected repository root and then referencing the symlinked path as a plugin file source in a remote marketplace plugin. Mocking a remote marketplace clone whose plugin file source includes the symlink path is sufficient: the application processes the path and escapes the intended directory restriction.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.5 or later. The latest version available on npm, 2026.4.14, includes the necessary fix.
