OpenClaw Browser Control API Allows Unauthorized File Writing
CVE-2026-28462
GHSA-gq9c-wg68-gwj2
Summary
OpenClaw versions before 2026.2.13 let an attacker who can reach the browser control API choose where trace and download files are written, including locations outside the intended temporary directory. An arbitrary file write of this kind can overwrite existing files or plant attacker-chosen content elsewhere on the host. Any system running OpenClaw older than 2026.2.13 is affected; update to 2026.2.13 or later to fix this issue.
What to do
- Update openclaw (steipete/openclaw) to version 2026.2.13 or later.
- Until the update is applied, restrict who can reach the browser control API: exploitation requires API access, so network- or auth-level limits on that surface reduce exposure.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | < 2026.2.13 | 2026.2.13 |
| openclaw | openclaw | < 2026.2.13 | – |
Original title
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining...
Original description
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST /trace/stop, POST /wait/download, and POST /download endpoints to write files outside intended temp roots.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-22 (Path Traversal)
References
- https://github.com/openclaw/openclaw/pull/15652
- https://nvd.nist.gov/vuln/detail/CVE-2026-28462
- https://github.com/advisories/GHSA-gq9c-wg68-gwj2
- https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gq9c-wg68-gwj2
- https://www.vulncheck.com/advisories/openclaw-path-traversal-in-trace-and-downlo...
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026