OpenClaw: Files Can Be Created or Truncated Outside of Allowed Area
GHSA-x82f-27x3-q89c
Summary
A symlink race (TOCTOU) in OpenClaw's `writeFileWithinRoot` could allow an attacker to create or truncate files outside the configured root directory. This vulnerability affects versions of OpenClaw up to and including 2026.2.26 and has been fixed in version 2026.3.1. To stay protected, update to the latest version of OpenClaw.
What to do
- Update openclaw to version 2026.3.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.26 | 2026.3.1 |
Original title
OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries
Original description
### Summary
A symlink-retarget TOCTOU race in `writeFileWithinRoot` could point an attacker-controlled path alias outside the configured root between resolution and write operations.
### Impact
Affected versions could cause out-of-root write side effects (including file creation or truncation) before final boundary validation.
### Fix
Root-scoped write flow now opens existing files without pre-truncation, creates missing files with exclusive create semantics, truncates only after post-open identity/boundary checks, and removes out-of-root artifacts when a race is detected.
### Affected and Patched Versions
- Affected: `<= 2026.2.26`
- Patched: `2026.3.1`
CVSS 4.0 (GHSA): 8.7
Vulnerability type
CWE-59: Link Following
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026