CVE-2026-26972

6.7 MEDIUM

📋 TL;DR

OpenClaw versions 2026.1.12 through 2026.2.12 contain a path traversal vulnerability in browser download helpers that allows authenticated attackers to write files outside the intended temporary downloads directory. This affects users running vulnerable OpenClaw versions with authenticated CLI access or authenticated gateway RPC tokens. The vulnerability is not exposed through the AI agent tool schema.

💻 Affected Systems

Products:
  • OpenClaw
Versions: 2026.1.12 through 2026.2.12
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using browser download helpers via browser control gateway routes. Not exposed via AI agent tool schema.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Authenticated attacker writes arbitrary files to any location the OpenClaw process can access, potentially leading to remote code execution, data corruption, or system compromise.

🟠 Likely Case

Authenticated user with malicious intent writes files to unauthorized directories, potentially overwriting configuration files or planting backdoors.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to temporary file system manipulation within the OpenClaw user context.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated CLI access or authenticated gateway RPC token. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.13

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c

Restart Required: Yes

Instructions:

1. Stop the OpenClaw service.
2. Update to version 2026.2.13 via package manager or manual installation.
3. Restart the OpenClaw service.

🔧 Temporary Workarounds

Disable browser control gateway

Platform: all

Prevent exploitation by disabling the vulnerable browser control gateway routes.

openclaw config set browser.gateway.enabled false
systemctl restart openclaw

Restrict RPC token access

Platform: all

Limit authenticated gateway RPC tokens to trusted users only.

openclaw auth revoke --type rpc
openclaw auth create --type rpc --user trusted_user

🧯 If You Can't Patch

  • Restrict CLI and RPC access to trusted administrators only
  • Implement file system monitoring for writes outside OpenClaw temp directory

🔍 How to Verify

Check if Vulnerable:

Run openclaw --version. If the reported version is between 2026.1.12 and 2026.2.12 inclusive, the system is vulnerable.

Check Version:

openclaw --version

Verify Fix Applied:

After patching, confirm that the reported version is 2026.2.13 or higher: openclaw --version

📡 Detection & Monitoring

Log Indicators:

  • File write operations outside /tmp/openclaw/downloads/ directory
  • Browser gateway download requests with unusual path parameters

Network Indicators:

  • RPC calls to browser control gateway with path traversal patterns

SIEM Query:

process:openclaw AND (file_write:../ OR file_write:../../ OR file_write:*..*)
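The TL;DR describes the bug class (a download helper that lets a caller-supplied name resolve outside the intended temporary downloads directory), and the SIEM query above looks for it by searching openclaw file writes for ".." sequences. The following is an added illustration of both points, not OpenClaw's code: a containment check of the kind that closes this class of bug, and a log scan that flags writes whose resolved destination leaves the downloads directory. The only value taken from the page is the /tmp/openclaw/downloads/ directory; the log line format, the sample events and the function names are constructed for the example.

```python
"""Download-path containment check plus a log scan for writes that escape the
downloads directory. Added illustration for this advisory; it is not OpenClaw
code, and the log line format below is a constructed assumption."""
import os
import re
from typing import List, Optional

# Intended download location named in the advisory's detection section.
DOWNLOAD_DIR = "/tmp/openclaw/downloads"


def safe_download_path(base_dir: str, requested_name: str) -> Optional[str]:
    """Return the absolute path a download may be written to, or None when
    requested_name would land outside base_dir.

    realpath() collapses '..' segments and resolves symlinks in any existing
    prefix; commonpath() then rejects sibling-prefix names such as
    'downloads_evil/x' that a plain startswith() comparison would accept.
    """
    if not requested_name or "\0" in requested_name:
        return None
    base = os.path.realpath(base_dir)
    # An absolute requested_name replaces base inside os.path.join, so it is
    # the containment comparison below that catches it, not the join.
    candidate = os.path.realpath(os.path.join(base, requested_name))
    if candidate == base:
        return None  # the directory itself is not a valid file target
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed log line shape used by the scan (hypothetical, not OpenClaw's format).
LOG_RE = re.compile(r"process=(?P<proc>\S+) event=(?P<event>\S+) path=(?P<path>\S+)")


def flag_escaping_writes(log_lines: List[str], base_dir: str = DOWNLOAD_DIR) -> List[str]:
    """Return the raw paths of file_write events by the openclaw process whose
    normalised destination lies outside base_dir.

    This is the page's SIEM idea (openclaw file writes containing '..') made
    precise: the destination is resolved before comparing, so a legitimate
    name such as 'notes..v2.txt' is not flagged, while a '..' sequence that
    actually leaves the directory is.
    """
    base = os.path.realpath(base_dir)
    flagged = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["proc"] != "openclaw" or m["event"] != "file_write":
            continue
        target = os.path.realpath(m["path"])
        if os.path.commonpath([base, target]) != base:
            flagged.append(m["path"])
    return flagged


# Constructed sample events for a local run; every path is illustrative only.
SAMPLE_LOG = [
    "process=openclaw event=file_write path=/tmp/openclaw/downloads/report.pdf",
    "process=openclaw event=file_write path=/tmp/openclaw/downloads/notes..v2.txt",
    "process=openclaw event=file_write path=/tmp/openclaw/downloads/../../outside/escaped.txt",
    "process=openclaw event=file_write path=/tmp/openclaw/downloads_evil/x.bin",
    "process=nginx event=file_write path=/tmp/../etc/ignored.conf",
    "process=openclaw event=file_read path=/tmp/openclaw/downloads/report.pdf",
]

if __name__ == "__main__":
    for name in ("report.pdf", "sub/notes.txt", "../../outside/escaped.txt", "/tmp/outside/x"):
        print(f"{name!r:32} -> {safe_download_path(DOWNLOAD_DIR, name)}")
    for path in flag_escaping_writes(SAMPLE_LOG):
        print("ESCAPING WRITE:", path)
```

Two points worth keeping from the example: a prefix comparison on the joined string is not enough, because a sibling directory whose name starts with the base (downloads_evil) passes it, which is why commonpath on the resolved path is used; and the page's `*..*` wildcard will also match benign filenames that merely contain two dots, so a detection rule that resolves the destination against the downloads directory gives fewer false positives than the raw substring match.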
