Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
OpenClaw versions prior to 2026.2.14 can write or delete files outside the workspace
CVE-2026-32060
Summary
Old versions of OpenClaw can let attackers write or delete files outside the intended workspace, causing unintended changes to your system. This is a serious issue because it can lead to data loss or corruption. Update to OpenClaw 2026.2.14 or later to fix this problem.
Original title
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patc...
Original description
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026