AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-xwjm-j929-xq7c: OpenClaw has a Path Traversal in Browser Download Functionality

mediumvulnerability

security

Source: GitHub Advisory DatabaseFebruary 18, 2026CVE-2026-26972

Summary

OpenClaw, a browser download tool, had a path traversal vulnerability (a security flaw where an attacker could use special characters like `../` to write files outside the intended folder) in its download feature because it didn't validate the output file path. This vulnerability only affected users with authenticated access to the CLI or gateway RPC token (a special permission token), not regular AI agent users.

Solution / Mitigation

Upgrade to `openclaw` version 2026.2.13 or later. The fix restricts the `path` parameter to the default download directory using `resolvePathWithinRoot` in the gateway browser control routes `/wait/download` and `/download`.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Affected Vendors

Affected Packages

openclaw@>= 2026.1.12, <= 2026.2.12 (fixed: 2026.2.13)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 18, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 75%