Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7xr2-q9vf-x4r5. This link is maintained to preserve external references. Original Description OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers tha...

CVE-2026-35632 OpenClaw <= 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...

CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...