Skip to content

Unsanitized session ID enables path traversal in transcript file operations

Moderate
steipete published GHSA-5xfq-5mr7-426q Feb 16, 2026

Package

npm openclaw (npm)

Affected versions

<=2026.2.9

Patched versions

>=2026.2.12

Description

Description

OpenClaw versions <= 2026.2.9 construct transcript file paths using an unsanitized sessionId and also accept sessionFile paths without enforcing that they stay within the agent sessions directory.

A crafted sessionId and/or sessionFile (example: ../../etc/passwd) can cause path traversal when the gateway performs transcript file read/write operations.

Preconditions: an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to loopback (local-only); configurations that expose the gateway widen the attack surface.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.9
  • Fixed: >= 2026.2.12

Fix

Fixed by validating session IDs (rejecting path separators / traversal sequences) and enforcing sessions-directory containment for session transcript file operations.

Fix Commit(s)

  • 4199f9889f0c307b77096a229b9e085b8d856c26

Additional Hardening

  • cab0abf52ac91e12ea7a0cf04fff315cf0c94d64

Mitigation

Upgrade to openclaw >= 2026.2.12.

Thanks @akhmittra for reporting.

Severity

Moderate

CVE ID

No known CVE

Weaknesses

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Learn more on MITRE.

Credits