OpenClaw allows attackers to write files outside its temp directory
GHSA-vj3g-5px3-gr46
Summary
OpenClaw, an npm package, has a path traversal issue in its Feishu media download flow: untrusted Feishu media keys were interpolated into temporary file paths, so a crafted key containing traversal segments could redirect a download's bytes to a location outside the temp directory. The result is an arbitrary file write with the permissions of the OpenClaw process, available to an attacker who can control the media key values the client receives. The developers fixed this by no longer deriving temp-file names from the key, writing each download into its own per-download temp directory, and validating keys at the trust boundary. Users should update to OpenClaw 2026.2.19 or later.
What to do
- Update openclaw to version 2026.2.19 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw (npm) | <= 2026.2.17 | 2026.2.19 |
Original title
OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
Original description
## Summary
OpenClaw’s Feishu media download flow used untrusted Feishu media keys (`imageKey` / `fileKey`) when building temporary file paths in `extensions/feishu/src/media.ts`.
Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside `os.tmpdir()`.
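The pattern the advisory describes, reconstructed as an added example (this is not OpenClaw's `media.ts` code). `vulnerableTempPath` mirrors the flaw: the key lands inside a template literal under `os.tmpdir()`, so a key with `../` segments resolves outside the temp directory. `isInside` is a containment check a reviewer can use to see the escape, and `hardenedWrite` shows the shape of the fix the advisory outlines: the key is validated at the trust boundary and never reaches the path, each download gets its own `mkdtemp` directory with a fixed file name, and the directory is removed deterministically. The `feishu-media-` prefix, the `download.bin` name and the key allow-list regex are assumptions made for this example; the page does not specify the real key format.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Vulnerable pattern (reconstruction, not OpenClaw's actual code): an untrusted
// Feishu media key is interpolated straight into a temp-file path.
function vulnerableTempPath(fileKey: string): string {
  return path.join(os.tmpdir(), `feishu-media-${fileKey}`);
}

// True only if `candidate` resolves to a location strictly inside `root`.
// Uses path.relative rather than startsWith so "/tmp" does not match "/tmpfoo".
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel !== "" && !rel.startsWith("..") && !path.isAbsolute(rel);
}

// Assumed allow-list for Feishu media keys (assumption: keys are opaque tokens
// made of [A-Za-z0-9_-]; the real format is not stated on this page).
const FEISHU_KEY_RE = /^[A-Za-z0-9_-]{1,128}$/;

// Trust-boundary validation: reject anything that is not a plain token. Note
// that the hardened path below does not use the key even after validation.
function validateFeishuKey(key: string): string {
  if (!FEISHU_KEY_RE.test(key)) {
    throw new Error(`rejected Feishu media key: ${JSON.stringify(key)}`);
  }
  return key;
}

// Per-download temp directory via mkdtemp(), removed deterministically when the
// callback finishes, whether it succeeded or threw.
function withDownloadDir<T>(fn: (dir: string) => T): T {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "feishu-media-"));
  try {
    return fn(dir);
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// Hardened write: the file name is fixed, so no attacker-controlled bytes take
// part in path construction at all.
function hardenedWrite(
  fileKey: string,
  bytes: Uint8Array,
): { dir: string; file: string; size: number } {
  validateFeishuKey(fileKey);
  return withDownloadDir((dir) => {
    const file = path.join(dir, "download.bin");
    fs.writeFileSync(file, bytes);
    return { dir, file, size: fs.statSync(file).size };
  });
}
```

With a key such as `a/../../../escaped.txt`, `vulnerableTempPath` yields a path that `isInside(os.tmpdir(), ...)` reports as outside the temp directory, while `hardenedWrite` rejects that key outright and writes a benign key's bytes only inside a fresh `mkdtemp` directory that no longer exists once the call returns.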
## Impact
This is an arbitrary file write issue (within the OpenClaw process file permissions).
If an attacker can control the Feishu media key values returned to the client (for example via a compromised upstream response path), they can influence where the downloaded bytes are written.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version at triage: `2026.2.17`
- Affected versions: `<= 2026.2.17`
- Fixed version: `2026.2.19`
## Fix Commit(s)
- `c821099157a9767d4df208c6b12f214946507871`
- `cdb00fe2428000e7a08f9b7848784a0049176705`
- `ec232a9e2dff60f0e3d7e827a7c868db5254473f`
## Remediation
The fix removes key-derived temp-file naming and keeps downloads in safe temp locations. Additional hardening isolates SDK `writeFile` calls in per-download temp directories (`mkdtemp`) with deterministic cleanup, enforces Feishu key trust-boundary validation, and adds a repository guard test against dynamic ``path.join(os.tmpdir(), `...${...}`)`` patterns in runtime code.
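A guard test of the kind the remediation mentions, as an added example (not OpenClaw's actual test): it scans source text for ``path.join(os.tmpdir(), `...${...}`)``, that is, a template literal with an interpolation passed directly under `os.tmpdir()`, and reports the file and line of each hit. A fixed template literal and a `mkdtemp` prefix are not flagged, and files whose names match an assumed `.test.ts` suffix are skipped so the check applies to runtime code only. The sample sources, file names and the test-file convention are constructed for this example.

```typescript
// Regex for a dynamic temp path: path.join( os.tmpdir() , `...${...}...` ).
// \s* tolerates calls split across lines; [^`]* keeps the match inside one
// template literal. Compiled fresh per file below so lastIndex never leaks.
const DYNAMIC_TMP_PATH = /path\.join\(\s*os\.tmpdir\(\)\s*,\s*`[^`]*\$\{[^`]*`/;

interface Finding {
  file: string;
  line: number;   // 1-based line where the match starts
  snippet: string;
}

// Assumption for this example: runtime code is everything not named *.test.ts.
function isRuntimeFile(file: string): boolean {
  return !/\.test\.ts$/.test(file);
}

// Scan a map of file name -> source text and collect every dynamic tmp path.
function findDynamicTmpPaths(files: Record<string, string>): Finding[] {
  const findings: Finding[] = [];
  for (const file of Object.keys(files)) {
    if (!isRuntimeFile(file)) continue;
    const src = files[file];
    const re = new RegExp(DYNAMIC_TMP_PATH.source, "g");
    let m: RegExpExecArray | null;
    while ((m = re.exec(src)) !== null) {
      const line = src.slice(0, m.index).split("\n").length;
      findings.push({ file, line, snippet: m[0] });
    }
  }
  return findings;
}

// The guard passes only when no runtime file builds a temp path from a
// template literal with an interpolated value.
function guardPasses(files: Record<string, string>): boolean {
  return findDynamicTmpPaths(files).length === 0;
}

// Constructed sample sources (not real repository contents).
const SAMPLE_SOURCES: Record<string, string> = {
  // The vulnerable pattern, split across lines to show the scan is not line-based.
  "extensions/feishu/src/media.ts": [
    'import * as os from "node:os";',
    'import * as path from "node:path";',
    "",
    "const tmp = path.join(",
    "  os.tmpdir(),",
    "  `feishu-media-${fileKey}`,",
    ");",
  ].join("\n"),
  // Safe: mkdtemp with a fixed string prefix.
  "src/ok.ts": 'const dir = await fs.mkdtemp(path.join(os.tmpdir(), "feishu-media-"));',
  // Safe: template literal without any interpolation.
  "src/static.ts": "const p = path.join(os.tmpdir(), `fixed-name.bin`);",
  // Same pattern in a test file; skipped because the guard targets runtime code.
  "src/media.test.ts": "const p = path.join(os.tmpdir(), `case-${name}`);",
};
```

Run over `SAMPLE_SOURCES`, the scan reports exactly one finding, at line 4 of `extensions/feishu/src/media.ts`, and `guardPasses` returns false; with only the safe files it returns true. In a real repository the map would be built by reading the tracked source files, and the guard would be wired into the test suite so a reintroduction of the pattern fails CI.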
OpenClaw thanks @allsmog for reporting.
Severity: 6.9 (CVSS 4.0, scored by GHSA)
Vulnerability type
CWE-22
Path Traversal
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46
- https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f21494650...
- https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a004917...
- https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254...
- https://github.com/advisories/GHSA-vj3g-5px3-gr46
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026