CVE-2026-32061
6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openclaw | openclaw | 0 < 2026.2.17 | affected |
| openclaw | openclaw | 2026.2.17 | unaffected |
Weaknesses
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4
- https://github.com/openclaw/openclaw/commit/d1c00dbb7c64a39e205464dae7f2a068420e91c1
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-include-directive-path-traversal
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.