CVE-2026-28462 Overview
OpenClaw versions prior to 2026.2.13 contain a path traversal vulnerability (CWE-22) in the browser control API that accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal sequences in POST /trace/stop, POST /wait/download, and POST /download endpoints to write files outside intended temp roots, potentially leading to arbitrary file write conditions.
Critical Impact
Unauthenticated remote attackers can leverage this path traversal vulnerability to write arbitrary files to locations outside the intended temporary directories, potentially enabling configuration overwrite, code injection, or system compromise.
Affected Products
- OpenClaw versions prior to 2026.2.13
Discovery Timeline
- 2026-03-05 - CVE-2026-28462 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28462
Vulnerability Analysis
This vulnerability stems from insufficient input validation in OpenClaw's browser control API endpoints that handle file output operations. The affected endpoints (POST /trace/stop, POST /wait/download, and POST /download) accept user-controlled file paths without proper sanitization, allowing attackers to use directory traversal sequences (e.g., ../) to escape the intended temporary directory boundaries.
The browser control API is designed to write trace and download files to a designated temporary directory. However, the lack of consistent path validation allows malicious actors with network access to the API to specify arbitrary output paths. This enables writing files to any location accessible by the OpenClaw process, which could include web roots, configuration directories, or system locations depending on the process privileges.
Root Cause
The root cause is the absence of path canonicalization and containment checks in the route handlers for trace and download operations. The original implementation in src/browser/routes/agent.act.ts and src/browser/routes/agent.debug.ts directly used user-supplied paths without verifying that the resolved path remains within the OpenClaw temporary root directory. This violates the principle of least privilege and secure path handling best practices.
Attack Vector
The attack vector is network-based, requiring no authentication or user interaction. An attacker with network access to the OpenClaw browser control API can craft malicious POST requests to the vulnerable endpoints with path traversal payloads in the output path parameters. The attack complexity is low as it requires only basic knowledge of path traversal techniques.
// Security patch in src/browser/routes/agent.act.ts
// Source: https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426
resolveProfileContext,
SELECTOR_UNSUPPORTED_MESSAGE,
} from "./agent.shared.js";
+import { DEFAULT_DOWNLOAD_DIR, resolvePathWithinRoot } from "./path-output.js";
import { jsonError, toBoolean, toNumber, toStringArray, toStringOrEmpty } from "./utils.js";
export function registerBrowserAgentActRoutes(
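Review bot: this excerpt shows only the new import of DEFAULT_DOWNLOAD_DIR and resolvePathWithinRoot from ./path-output.js; the handler bodies inside registerBrowserAgentActRoutes that consume the output paths for /wait/download and /download are not visible, so the review should confirm that every such path goes through resolvePathWithinRoot before any file is opened, that the root it is checked against is the intended temp directory (the import also brings in DEFAULT_DOWNLOAD_DIR, so the relationship between the two should be documented), and that src/browser/routes/agent.debug.ts, which the advisory names as equally affected, receives the same import and check.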
The patch introduces the resolvePathWithinRoot utility function that enforces path containment, ensuring all output paths are constrained to the OpenClaw temporary root directory.
Detection Methods for CVE-2026-28462
Indicators of Compromise
- Unexpected file creation or modification outside OpenClaw's designated temporary directories
- HTTP POST requests to /trace/stop, /wait/download, or /download endpoints containing ../ sequences or absolute paths
- Unusual API activity patterns targeting browser control endpoints from external or untrusted sources
- File system audit logs showing writes to sensitive directories originating from the OpenClaw process
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal sequences (../, ..%2f, ..%5c) in API request parameters
- Monitor OpenClaw API access logs for anomalous requests to the affected endpoints
- Deploy file integrity monitoring (FIM) on critical system directories to detect unauthorized file writes
- Use network intrusion detection systems (NIDS) with signatures for path traversal attack patterns
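An added example, not part of the original advisory, of the detection logic described in the indicators and strategies above run over constructed log lines: it percent-decodes request fields (covering the ..%2f and ..%5c variants and double encoding) before matching, and flags POST requests to the three affected endpoints that carry traversal sequences or absolute output paths. The log line format and the "path" field name are assumptions made for this example.

```typescript
// Endpoints named in the advisory; the log format and the "path" field are constructed.
const AFFECTED_ENDPOINTS = ["/trace/stop", "/wait/download", "/download"];
function safeDecode(value: string): string | null {
  try { return decodeURIComponent(value); } catch { return null; }
}
function safeParse(text: string): { [key: string]: unknown } | null {
  try { return JSON.parse(text); } catch { return null; }
}
// Percent-decode up to three rounds so ..%2f and double-encoded %252e%252e%252f both reduce
// to "../", then classify: "traversal" for a ".." segment, "absolute" for a rooted path, else null.
export function classifyPathValue(value: string): string | null {
  let norm = value;
  for (let i = 0; i < 3; i++) {
    const next = safeDecode(norm);
    if (next === null || next === norm) break;
    norm = next;
  }
  norm = norm.replace(/\\/g, "/"); // treat backslash separators (..%5c) like "/"
  if (/(^|\/)\.\.(\/|$)/.test(norm)) return "traversal";
  if (/^\//.test(norm) || /^[A-Za-z]:\//.test(norm)) return "absolute";
  return null;
}
export interface Finding { lineNo: number; endpoint: string; field: string; reason: string; }
// Scan lines of the constructed form "<ts> <method> <url> <status> <json-body>" and report
// POSTs to the affected endpoints whose string fields look like an escape from the temp root.
export function scanLog(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  lines.forEach((line, idx) => {
    const m = /^(\S+) (\S+) (\S+) (\d{3}) (.*)$/.exec(line);
    if (!m || m[2] !== "POST") return;
    const endpoint = m[3].split("?")[0];
    if (AFFECTED_ENDPOINTS.indexOf(endpoint) === -1) return;
    const body = safeParse(m[5]);
    if (body === null || typeof body !== "object") return;
    for (const field of Object.keys(body)) {
      const value = body[field];
      const reason = typeof value === "string" ? classifyPathValue(value) : null;
      if (reason !== null) findings.push({ lineNo: idx + 1, endpoint, field, reason });
    }
  });
  return findings;
}
// Constructed sample log (not real OpenClaw traffic); line 1 is benign, the rest should alert.
export const SAMPLE_LOG = [
  '2026-03-05T10:00:01Z POST /trace/stop 200 {"path":"trace-1.zip"}',
  '2026-03-05T10:00:02Z POST /download 200 {"path":"..%2f..%2foutside.txt"}',
  '2026-03-05T10:00:03Z POST /wait/download 200 {"path":"%252e%252e%252fescaped.bin"}',
  '2026-03-05T10:00:04Z POST /download 200 {"path":"/somewhere/else.txt"}',
  '2026-03-05T10:00:05Z POST /download 200 {"path":"..\\\\..\\\\win.txt"}',
];
```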
Monitoring Recommendations
- Enable verbose logging for all OpenClaw browser control API endpoints
- Configure SIEM alerts for path traversal patterns in HTTP request payloads
- Implement real-time file system monitoring on directories outside the designated temp root
- Review API access controls and ensure the browser control API is not exposed to untrusted networks
How to Mitigate CVE-2026-28462
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.13 or later immediately
- Restrict network access to the browser control API using firewall rules or network segmentation
- Audit file system permissions to ensure the OpenClaw process runs with minimal required privileges
- Review recent API logs for evidence of exploitation attempts
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.13. The fix introduces the resolvePathWithinRoot utility function in a new module (path-output.js) that canonicalizes user-supplied paths and validates that they remain within the designated temporary root directory before any file operation occurs. The security patch is available in commit 7f0489e4731c8d965d78d6eac4a60312e46a9426. For additional details, see the GitHub Security Advisory.
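A minimal re-implementation of the containment check that the Root Cause and Patch Information sections describe, written for this page as an added example; it is not OpenClaw's resolvePathWithinRoot, and TEMP_ROOT, the function names and the fallback-name handling are assumptions. It places the vulnerable pattern and a naive string-prefix check beside the hardened form, which resolves the candidate and tests it against the root with path.relative.

```typescript
import * as path from "path";

// Constructed example root; the real OpenClaw temp root is not reproduced here.
export const TEMP_ROOT = "/tmp/openclaw-example";

// Vulnerable pattern (kept for contrast): the caller-supplied path is used as-is.
// An absolute path or "../" segments take the write outside TEMP_ROOT.
export function unsafeOutputPath(requested: string): string {
  return path.resolve(TEMP_ROOT, requested);
}

// Naive "fix" that is still wrong: a string prefix test lets a sibling directory
// such as /tmp/openclaw-example-evil pass as if it were inside the root.
export function naivePrefixCheck(root: string, requested: string): boolean {
  return path.resolve(root, requested).indexOf(path.resolve(root)) === 0;
}

// Hardened pattern (hypothetical re-implementation, not OpenClaw's resolvePathWithinRoot):
// resolve the candidate, then require that its path relative to the root is non-empty,
// not absolute and does not begin with "..". An empty request falls back to a server-chosen
// name. Returns the absolute output path, or null when the request escapes the root.
export function resolvePathWithinRootExample(
  root: string,
  requested: string | undefined,
  fallbackName: string,
): string | null {
  const absRoot = path.resolve(root);
  const name = requested && requested.length > 0 ? requested : fallbackName;
  const candidate = path.resolve(absRoot, name);
  const rel = path.relative(absRoot, candidate);
  if (rel === "" || path.isAbsolute(rel) || rel === ".." || rel.indexOf(".." + path.sep) === 0) {
    return null;
  }
  // The caller should still open `candidate` with an exclusive-create flag ("wx") so an
  // existing symlink inside the root cannot redirect the write elsewhere.
  return candidate;
}
```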
Workarounds
- Place the OpenClaw browser control API behind an authenticated reverse proxy
- Use network-level access controls to restrict API access to trusted hosts only
- Run OpenClaw in a containerized environment with restricted file system mounts
- Implement application-level request filtering to block requests containing path traversal sequences
# Example: Restrict API access using iptables
# Allow access only from the trusted internal network. 8080 stands in for whatever port
# the browser control API actually listens on; adjust it for your deployment.
iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
# -A appends, so an earlier ACCEPT rule for this port would still match first; check the
# chain with "iptables -L INPUT -n --line-numbers" and use -I to insert ahead of it if needed.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

