CVE-2026-32020
LOW SEVERITYCVSS Score & Metrics
Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Description
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-59
Source
NVD
Vendor
OpenClaw
Product
OpenClaw
Discussion (0)
Add Comment
No comments yet. Be the first!