GHSA-7xr2-q9vf-x4r5: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file (agents.create and agents.update) still use raw fs.appendFile on the IDENTITY.md file without any symlink containment check. An attacker who can place a symlink in the agent workspace can hijack the IDENTITY.md path to append attacker-controlled content to arbitrary files on the system.
References
- github.com/advisories/GHSA-7xr2-q9vf-x4r5
- github.com/advisories/GHSA-fgvx-58p6-gjwc
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/blob/main/src/gateway/server-methods/agents.ts
- github.com/openclaw/openclaw/security/advisories/GHSA-7xr2-q9vf-x4r5