CVE-2026-28482 Overview
CVE-2026-28482 is a path traversal vulnerability affecting OpenClaw versions prior to 2026.2.12. The vulnerability exists because the application constructs transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.
Critical Impact
Authenticated attackers can achieve arbitrary file read and write access outside the intended session directory, potentially leading to sensitive data exposure, configuration tampering, or further system compromise.
Affected Products
- OpenClaw versions prior to 2026.2.12
Discovery Timeline
- 2026-03-05 - CVE CVE-2026-28482 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28482
Vulnerability Analysis
This path traversal vulnerability (CWE-22) stems from insufficient input validation when processing session-related file operations. The application fails to properly sanitize user-supplied sessionId and sessionFile parameters before constructing file paths for transcript storage and retrieval. Without proper directory containment checks, the application blindly concatenates these parameters into file system paths.
When an authenticated user supplies a malicious value containing path traversal sequences (such as ../), the resulting file path escapes the intended sessions directory. This allows attackers to access sensitive system files for reading (information disclosure) or overwrite critical configuration files (integrity compromise).
Root Cause
The root cause lies in the improper path resolution logic within the session handling components. Specifically, the subagent-announce.ts and sessions-list-tool.ts modules were constructing transcript paths without validating that the resolved path remained within the expected sessionsDir boundary. The absence of explicit agent context during path resolution allowed attackers to manipulate the path components to escape directory constraints.
Attack Vector
An authenticated attacker can exploit this vulnerability locally by manipulating the sessionId or sessionFile parameters in API requests or session operations. By injecting path traversal sequences like ../../etc/passwd or ../../../app/config.json, the attacker can:
- Read arbitrary files on the system that the OpenClaw process has permission to access
- Write or overwrite files outside the sessions directory, potentially modifying application configuration or planting malicious content
The security patches introduced the resolveSessionFilePath function with explicit agent context enforcement to properly contain file operations within the intended directory structure:
loadSessionStore,
resolveAgentIdFromSessionKey,
resolveMainSessionKey,
+ resolveSessionFilePath,
resolveStorePath,
} from "../config/sessions.js";
import { callGateway } from "../gateway/call.js";
Source: GitHub Commit Change
The fix adds explicit agent context during path resolution to ensure paths cannot escape the designated directory:
});
const sessionId = entry?.sessionId;
+ const agentId = resolveAgentIdFromSessionKey(params.sessionKey);
let transcriptPath: string | undefined;
if (sessionId && storePath) {
try {
transcriptPath = resolveSessionFilePath(sessionId, entry, {
+ agentId,
sessionsDir: path.dirname(storePath),
});
} catch {
Source: GitHub Commit Change
Detection Methods for CVE-2026-28482
Indicators of Compromise
- Log entries showing session file requests containing path traversal patterns such as ../, ..%2f, or encoded variants
- Unexpected file access attempts outside the sessions directory in application or system audit logs
- Access to sensitive system files like /etc/passwd, /etc/shadow, or application configuration files from the OpenClaw process
Detection Strategies
- Monitor application logs for sessionId or sessionFile parameters containing suspicious characters or traversal patterns
- Implement file integrity monitoring (FIM) on critical system files and configuration directories
- Deploy web application firewall (WAF) rules to detect and block path traversal attempts in request parameters
Monitoring Recommendations
- Enable verbose logging for session-related file operations in OpenClaw
- Configure alerts for file access events outside the designated sessions directory
- Review access patterns for the OpenClaw service account to identify anomalous file system activity
How to Mitigate CVE-2026-28482
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.12 or later immediately
- Review application and system logs for evidence of exploitation attempts
- Audit file permissions to ensure the OpenClaw process operates with minimal required privileges
- Verify integrity of sensitive system and configuration files that may have been targeted
Patch Information
Security patches have been released to address this vulnerability. The fix introduces the resolveSessionFilePath function with explicit agent context enforcement to ensure all transcript path operations remain contained within the designated sessions directory.
Relevant security fixes are documented in the following resources:
Workarounds
- Restrict network access to OpenClaw instances to trusted users and networks only
- Implement additional input validation at the application or reverse proxy layer to reject requests containing path traversal sequences
- Run the OpenClaw service with a restricted service account that has minimal file system permissions
# Configuration example - restrict OpenClaw service account permissions
# Create restricted service account
useradd -r -s /sbin/nologin openclaw-svc
# Set minimal directory permissions
chown -R openclaw-svc:openclaw-svc /opt/openclaw/sessions
chmod 700 /opt/openclaw/sessions
# Run service with restricted account
systemctl edit openclaw
# Add: User=openclaw-svc
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
