GHSA-58q2-7r52-jq62: OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

April 3, 2026

Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

References

github.com/advisories/GHSA-58q2-7r52-jq62
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/566fb73d9da2d73c0be0d9b8e5b762e4dcd8e81d
github.com/openclaw/openclaw/releases/tag/v2026.3.31
github.com/openclaw/openclaw/security/advisories/GHSA-58q2-7r52-jq62

Code Behaviors & Features

Detect and mitigate GHSA-58q2-7r52-jq62 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →