HIGHCVE-2026-28459Published 2026-03-05Modified 2026-03-09CNA VulnCheck

CVE-2026-28459: OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append data repeatedly, potentially causing configuration corruption or denial of service.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 2026.2.12
Affected Products: 1

Fix available

2026.2.12

Patch commits

Patch Commit #1
Patch Commit #2

Affected packages

OpenClaw / OpenClaw
< 2026.2.12 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

References

GitHub Security Advisory (GHSA-64qx-vpxx-mvqf)
Patch Commit #1
Patch Commit #2
VulnCheck Advisory: OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

Metrics

Fix available