{"data":{"id":"0351ac09-6be6-4902-b1ca-23712562aeee","title":"GHSA-jq4x-98m3-ggq6: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability","summary":"OpenClaw's canvas tool contains a path traversal vulnerability (a security flaw that allows reading files outside intended directories) in its `a2ui_push` action. An authenticated attacker can supply any filesystem path to the `jsonlPath` parameter, and the gateway reads the file without validation and forwards its contents to connected nodes, potentially exposing sensitive files like credentials or SSH keys.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jq4x-98m3-ggq6","publishedAt":"2026-03-02T22:32:23.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":["openclaw@< 2026.2.21 (fixed: 2026.2.21)"],"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}