CVE-2026-32054
MEDIUMOpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
Title source: cnaDescription
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
GitHub Security Advisory (GHSA-36h3-7c54-j27r)
https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling
Scores
CVSS v3
6.5
EPSS
0.0013
EPSS Percentile
2.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-59
Status
published
Products (4)
npm/openclaw
0 - 2026.2.25npm
OpenClaw/OpenClaw
< 2026.2.25
openclaw/openclaw
< 2026.2.25
OpenClaw/OpenClaw
2026.2.25
Published
Mar 21, 2026
Tracked Since
Mar 21, 2026