CVSS 3.1 score (GHSA): 5.3

OpenClaw: Writes outside intended folders in browser outputs

GHSA-3pxq-f3cp-jmxp
Summary

A security issue in OpenClaw versions up to 2026.3.1 could allow unintended files to be written outside their expected folders. This could lead to data corruption or unauthorized access. To fix this, update to OpenClaw version 2026.3.2 or later.

What to do
  • Update openclaw to version 2026.3.2.
Affected software
| Vendor | Product  | Affected versions | Fix available |
|--------|----------|-------------------|---------------|
| –      | openclaw | <= 2026.3.1       | 2026.3.2      |
Original title
OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows
Original description
### Summary
A path-confinement bypass in browser output handling allowed writes outside intended roots in `openclaw` versions up to and including `2026.3.1`.

The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related install/skills write paths.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version at triage time: `2026.3.1`
- Affected range: `<= 2026.3.1`
- Patched release: `2026.3.2` (released)

### Fix Commit(s)
- `104d32bb64cdf19d5e77f70553a511a2ae90ad1c`

### Technical Notes
- Browser output writes now use root-bound, fd/inode-verified commit flow.
- Install + skills path checks now share canonical in-base validation to reduce drift and close equivalent escape surfaces.
- Added regression coverage for symlink-rebind and root-bound source-path write behavior.
Vulnerability type
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026