CVE-2026-26972

low-risk

Published 2026-02-20

OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token. Version 2026.2.13 fixes the issue.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Openclaw

Affected Vendors

Openclaw

References (3)

Patch https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a...

Product https://github.com/openclaw/openclaw/releases/tag/v2026.2.13

Patch https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal