CVE-2026-28482

HIGH WAF: High
CVSS 7.1 Published: 2026-03-05
CWE-22

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

References

Back to CVE Database