Severity: 8.4 (NVD CVSS 4.0)
OpenClaw: Malicious Session IDs Can Read Unauthorized Files
CVE-2026-28482
GHSA-5xfq-5mr7-426q
Summary
OpenClaw versions prior to 2026.2.12 contain a security flaw that allows an attacker to access unauthorized files by manipulating session IDs. This only affects systems where the OpenClaw gateway is exposed to the internet. To fix this issue, update to OpenClaw version 2026.2.12 or later.
What to do
- Update steipete/openclaw to version 2026.2.12 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.12 | 2026.2.12 |
Original title
OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Original description
## Description
OpenClaw versions **<= 2026.2.9** construct transcript file paths using an unsanitized `sessionId` and also accept `sessionFile` paths without enforcing that they stay within the agent sessions directory.
A crafted `sessionId` and/or `sessionFile` (example: `../../etc/passwd`) can cause path traversal when the gateway performs transcript file read/write operations.
**Preconditions:** an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to `loopback` (local-only); configurations that expose the gateway widen the attack surface.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.9`
- Fixed: `>= 2026.2.12`
## Fix
Fixed by validating session IDs (rejecting path separators and traversal sequences) and by enforcing that every session transcript file operation resolves to a path inside the sessions directory.
### Fix Commit(s)
- `4199f9889f0c307b77096a229b9e085b8d856c26`
### Additional Hardening
- `cab0abf52ac91e12ea7a0cf04fff315cf0c94d64`
## Mitigation
Upgrade to `openclaw >= 2026.2.12`.
Thanks @akhmittra for reporting.
Scores
- NVD CVSS 3.1: 7.1
- NVD CVSS 4.0: 8.4
Vulnerability type: CWE-22 (Path Traversal)
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.12
- https://nvd.nist.gov/vuln/detail/CVE-2026-28482
- https://github.com/advisories/GHSA-5xfq-5mr7-426q
- https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d85...
- https://github.com/openclaw/openclaw/commit/cab0abf52ac91e12ea7a0cf04fff315cf0c9...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q
- https://www.vulncheck.com/advisories/openclaw-path-traversal-via-unsanitized-ses...
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026