4.8

OpenClaw Browser Output Bypass: Unintended Writes Possible

GHSA-3pxq-f3cp-jmxp CVE-2026-22180
Summary

A security issue in OpenClaw, a tool for browser output handling, allowed malicious writes outside intended folders. This could potentially lead to data corruption or unauthorized changes. To fix this, update to the latest version of OpenClaw, version 2026.3.2, which includes improved write protection and validation.

What to do
  • Update steipete openclaw to version 2026.3.2.
Affected software
Vendor | Product | Affected versions | Fix available
steipete | openclaw | <= 2026.3.2 | 2026.3.2
Original title
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficie...
Original description
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations.
osv CVSS3.1 5.3
Vulnerability type
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-59 Link Following
Published: 18 Mar 2026 · Updated: 18 Mar 2026 · First seen: 18 Mar 2026