CVE-2026-43567

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVE-2026-43567

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

EUVD-2026-27285

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVE-2026-43567

OpenClaw is affected by a path traversal issue in the screen_record tool’s outPath parameter, allowing an attacker to specify an outPath outside the workspace boundary and write to unintended system locations. This vulnerability exists in OpenClaw pre-2026.4.10. The root cause is bypassing worksp...

CVE-2026-43567 OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the outPath parameter of the screenrecord tool. By bypassing the file system...

GHSA-JF25-7968-H2H5 OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary screenrecord outPath bypassed workspace-only filesystem guard. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...

PT-2026-37022

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A path traversal issue exists in the screen record tool where the outPath parameter bypasses workspace-only filesystem guards. This allows an authorized tool call to write files to unintended...

PT-2022-16696 · Git +1 · Git +1

Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...