4 matches found
GHSA-9F79-7PW8-3FJ8 Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgrq-9f93-wpp5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that...
Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgrq-9f93-wpp5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that...
CVE-2026-32055 OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...
CVE-2026-32055
OpenClaw is affected: versions prior to 2026.2.26 contain a path traversal flaw in workspace boundary validation. The boundary check may mis-resolve aliases, allowing the first write operation to escape the workspace via in-workspace symlinks to non-existent out‑of‑root targets, enabling files to...