Platform: nodejs
Component: openclaw
Fixed in: 2026.2.12
CVE-2026-28482 describes a Path Traversal vulnerability discovered in OpenClaw. This flaw allows authenticated attackers to read or write arbitrary files on the system by exploiting insufficient input validation in transcript file path construction. The vulnerability impacts OpenClaw versions prior to 2026.2.12 and has been resolved in version 2026.2.12.
The core of the vulnerability lies in how OpenClaw constructs file paths for transcript files. The sessionId and sessionFile parameters, which are intended to be unique identifiers, are not properly sanitized before being incorporated into the file path. This allows an attacker, after successfully authenticating, to inject path traversal sequences (e.g., ../../etc/passwd) into these parameters. By doing so, they can escape the intended session directory and access or modify files outside of it. The potential impact is significant, ranging from reading sensitive configuration files to overwriting critical system files, potentially leading to complete system compromise. This vulnerability shares similarities with other path traversal exploits where unsanitized user input is directly used in file path construction.
CVE-2026-28482 was publicly disclosed on March 5, 2026. Its severity is rated HIGH with a CVSS score of 7.1. There is no indication of this vulnerability being added to the CISA KEV catalog or being actively exploited at this time. Public proof-of-concept exploits are not currently available, but the nature of path traversal vulnerabilities makes it likely that one will emerge.
Organizations utilizing OpenClaw for agent management, particularly those with legacy configurations or shared hosting environments, are at risk. Environments where OpenClaw interacts with sensitive data or critical infrastructure are especially vulnerable and should prioritize patching.
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2026-28482 is to upgrade OpenClaw to version 2026.2.12 or later without delay. If upgrading is not immediately feasible, a temporary workaround is to restrict access to the transcript file directory and to apply strict input validation to the sessionId and sessionFile parameters: reject any user-supplied value that contains path separators or traversal sequences before it is used to build a file path. A WAF might offer some protection, but it is not a substitute for patching the vulnerable application. No specific Sigma or YARA rules are readily available for this vulnerability; monitoring file access attempts within the session directory for unusual patterns is recommended instead.
Update OpenClaw to version 2026.2.12 or later. This version fixes the path traversal vulnerabilities by sanitizing the sessionId and sessionFile parameters, preventing unauthorized access to files outside the agent sessions directory.
CVE-2026-28482 is a Path Traversal vulnerability in OpenClaw allowing authenticated attackers to read/write arbitrary files due to unsanitized session parameters. It has a CVSS score of 7.1 (HIGH).
You are affected if you are running OpenClaw versions 0–2026.2.12. Upgrade to 2026.2.12 to mitigate the risk.
Upgrade OpenClaw to version 2026.2.12 or later. As a temporary workaround, restrict directory access controls for the agent sessions directory.
There is currently no indication of active exploitation, but the vulnerability's severity warrants monitoring.
Refer to the OpenClaw security advisories on their official website or GitHub repository for the latest information.