CVE-2026-28459: OpenClaw has an arbitrary transcript path file write via gateway sessionFile
(updated )
In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host.
References
- github.com/advisories/GHSA-64qx-vpxx-mvqf
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/25950bcbb8ba4d8cde002557f6e27c219ae4deda
- github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
- github.com/openclaw/openclaw/releases/tag/v2026.2.12
- github.com/openclaw/openclaw/security/advisories/GHSA-64qx-vpxx-mvqf
- nvd.nist.gov/vuln/detail/CVE-2026-28459
- www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-untrusted-sessionfile-path
Code Behaviors & Features
Detect and mitigate CVE-2026-28459 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →