CVE-2026-26972

OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token. Version 2026.2.13 fixes the issue.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426	Patch
https://github.com/openclaw/openclaw/releases/tag/v2026.2.13	Product Release Notes
https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2026-02-20 00:16

Updated : 2026-02-20 19:03

NVD link : CVE-2026-26972

Mitre link : CVE-2026-26972

CVE.ORG link : CVE-2026-26972

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-26972", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2026-02-20T00:16:16.500", "references": [{"url": "https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.13", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token. Version 2026.2.13 fixes the issue."}, {"lang": "es", "value": "OpenClaw es un asistente personal de IA. En las versiones 2026.1.12 a 2026.2.12, los ayudantes de descarga del navegador de OpenClaw aceptaban una ruta de salida no saneada. Cuando se invocaban a trav\u00e9s de las rutas de la pasarela de control del navegador, esto permit\u00eda el salto de ruta para escribir descargas fuera del directorio de descargas temporales de OpenClaw previsto. Este problema no se expone a trav\u00e9s del esquema de herramientas del agente de IA (sin acci\u00f3n 'download'). La explotaci\u00f3n requiere acceso CLI autenticado o un token RPC de pasarela autenticado. La versi\u00f3n 2026.2.13 corrige el problema."}], "lastModified": "2026-02-20T19:03:33.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "36E861EF-8BE8-4C20-A718-77CB50C49CB8", "versionEndExcluding": "2026.2.13", "versionStartIncluding": "2026.1.12"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}