Platform
nodejs
Component
openclaw
Fixed in
2026.2.12
CVE-2026-28482 describes a Path Traversal vulnerability discovered in OpenClaw. The flaw allows authenticated attackers to manipulate file paths, potentially leading to unauthorized access to or modification of sensitive data. It affects OpenClaw versions prior to 2026.2.12; the fix ships in version 2026.2.12.
The core of this vulnerability lies in OpenClaw's handling of sessionId and sessionFile parameters when constructing transcript file paths. The application fails to properly sanitize these parameters, allowing attackers to inject path traversal sequences like ../../etc/passwd. Successful exploitation enables an attacker, after authentication, to read arbitrary files outside the designated agent sessions directory. This could include sensitive configuration files, user data, or even system files, depending on the permissions of the OpenClaw process. The potential for data exfiltration and system compromise is significant, particularly in environments where OpenClaw is used to manage sensitive information or interact with critical infrastructure.
CVE-2026-28482 was publicly disclosed on March 5, 2026. At the time of writing there is no indication of active exploitation, no KEV listing, and no public proof-of-concept (PoC) code. Even so, an arbitrary file read/write primitive in a service that handles session transcripts is easy to chain into broader compromise, so the vulnerability warrants careful monitoring and prompt patching.
Exploit Status
EPSS
0.02% (4th percentile)
The primary mitigation for CVE-2026-28482 is to upgrade OpenClaw to version 2026.2.12 or later. If an immediate upgrade is not feasible due to compatibility concerns or downtime constraints, reduce the blast radius rather than relying on directory permissions alone: the traversal is performed by the OpenClaw process itself, with that process's privileges, so access controls on the agent sessions directory do not stop it from reaching files outside that directory. Run OpenClaw as a dedicated, least-privileged account that can read and write only the agent sessions directory and the files it genuinely needs, restrict write permissions on the sessions directory to that account, and tighten authentication so that only trusted users can reach the affected endpoint, since exploitation requires an authenticated session. None of this removes the flaw; it only limits what an attacker can read or write through it. After upgrading, confirm the fix on a non-production instance by supplying a traversal payload (for example ../../etc/passwd) in the sessionId or sessionFile parameter and verifying that the request is rejected rather than served.
Update OpenClaw to version 2026.2.12 or later. This version fixes the path traversal by sanitizing the sessionId and sessionFile parameters, preventing access to files outside the agent sessions directory.
CVE-2026-28482 is a Path Traversal vulnerability in OpenClaw allowing authenticated attackers to read/write arbitrary files due to unsanitized session parameters. It has a CVSS score of 7.1 (HIGH).
You are affected if you are running an OpenClaw version prior to 2026.2.12. Upgrade to 2026.2.12 or later to remove the vulnerability.
Upgrade OpenClaw to version 2026.2.12 or later. As a temporary workaround, run OpenClaw under a least-privileged account and tighten access controls on the agent sessions directory; this limits impact but does not remove the flaw.
There is currently no indication of active exploitation, but the vulnerability's severity warrants monitoring.
Refer to the OpenClaw security advisories on their official website or GitHub repository for the latest information.