OpenClaw OpenShell Filesystem Bridge Symlink Swap Vulnerability Allowing Unauthorized File Access

Vulnerability

A time-of-check/time-of-use (TOCTOU) race condition has been identified in the OpenClaw application, specifically in versions prior to 2026.4.22. This vulnerability resides within the OpenShell filesystem bridge, where attackers can exploit symlink swaps during filesystem operations. Such exploitation allows for reading files outside the designated mount root, bypassing sandbox restrictions and accessing unauthorized file contents.

Impact

Exploitation of this vulnerability could lead to unauthorized access to file contents outside the intended sandbox boundaries.

Reproduction

The vulnerability can be reproduced by creating a symlinked file within a sandboxed environment that points to a location outside the allowed mount root. When the filesystem bridge attempts to read the file, the symlink swap can redirect the read operation to the unauthorized location, exploiting the TOCTOU race condition.
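The defensive pattern that removes this class of race, as an added example that is not OpenClaw's or OpenShell's own code: instead of checking a path and then reading it, each component is opened relative to the previous one with O_NOFOLLOW, so the kernel itself refuses any symlink that appears between check and use. It assumes POSIX open-with-dir_fd semantics and a constructed, hypothetical mount layout under a temporary directory.

```python
import os
import stat
import tempfile

def open_beneath(root_fd, relpath):
    """Open relpath under directory fd root_fd one component at a time with
    O_NOFOLLOW, so a component swapped for a symlink between a path check
    and the read cannot redirect the open outside the root."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("rejected path: %r" % relpath)
    fd = os.dup(root_fd)
    try:
        for i, part in enumerate(parts):
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY           # intermediate parts must be real dirs
            nfd = os.open(part, flags, dir_fd=fd)  # fails with ELOOP if part is a symlink
            os.close(fd)
            fd = nfd
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file: %r" % relpath)
        return fd
    except BaseException:
        os.close(fd)
        raise

def read_beneath(root, relpath):
    root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        with os.fdopen(open_beneath(root_fd, relpath), "rb") as f:
            return f.read()
    finally:
        os.close(root_fd)

def demo():
    """Constructed (hypothetical) layout: a mount root with one regular file and
    one symlink whose target lies outside the root."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "mount", "sub"))
    for rel, data in (("mount/sub/ok.txt", b"inside the root\n"), ("secret.txt", b"outside the root\n")):
        with open(os.path.join(base, rel), "wb") as f:
            f.write(data)
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(base, "mount", "sub", "escape.txt"))
    try:
        read_beneath(os.path.join(base, "mount"), "sub/escape.txt")
        escape = "READ"
    except OSError as e:
        escape = "refused: " + type(e).__name__
    return read_beneath(os.path.join(base, "mount"), "sub/ok.txt"), escape
```

Because the check is performed by the kernel at open time rather than by a prior lstat or realpath, there is no window for a swap, and a component that is a symlink is refused regardless of where it points.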

Remediation

Users should update to OpenClaw version 2026.4.22 or later, where this vulnerability has been addressed.

Added: May 6, 2026, 9:05 PM
Updated: May 6, 2026, 9:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.