GHSA-3jx4-q2m7-r496: OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.
By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only apply_patch checks).
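The boundary problem described above, as an added example (not OpenClaw's code or its fix): a path-based containment check accepts a hardlink alias, because a hardlink is a second name for the same inode and realpath has nothing to resolve, while a link-count check rejects it. The function names and the temporary fixture are constructed for illustration, and rejecting files with more than one link is an assumed mitigation, not the project's documented one.

```javascript
// Added example: isInsideWorkspace and checkWorkspaceFile are hypothetical names.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Path-based containment: resolves symlinks, then compares path prefixes.
function isInsideWorkspace(workspace, target) {
  const root = fs.realpathSync(workspace);
  const real = fs.realpathSync(target);
  return real === root || real.startsWith(root + path.sep);
}

// Stricter check: also reject regular files that have more than one name
// (st_nlink > 1), because another name may live outside the workspace.
function checkWorkspaceFile(workspace, target) {
  if (!isInsideWorkspace(workspace, target)) return 'reject: outside workspace';
  const st = fs.statSync(target);
  if (st.isFile() && st.nlink > 1) return 'reject: hardlinked file';
  return 'allow';
}

// Constructed fixture: a workspace, a file outside it, and a hardlink alias inside.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-demo-'));
  const workspace = path.join(base, 'workspace');
  fs.mkdirSync(workspace);
  const outside = path.join(base, 'outside.txt');
  fs.writeFileSync(outside, 'data outside the workspace\n');
  const alias = path.join(workspace, 'alias.txt');
  fs.linkSync(outside, alias); // same inode, second name inside the workspace
  const plain = path.join(workspace, 'plain.txt');
  fs.writeFileSync(plain, 'ordinary workspace file\n');
  const result = {
    pathOnlyAlias: isInsideWorkspace(workspace, alias), // alias passes the path check
    strictAlias: checkWorkspaceFile(workspace, alias),
    strictPlain: checkWorkspaceFile(workspace, plain),
    strictOutside: checkWorkspaceFile(workspace, outside),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}

console.log(demo());
```

A check made on the path before opening is racy, so a production version would apply the same link-count test to `fs.fstatSync` on the already opened descriptor. Rejecting every multiply-linked file also blocks legitimate hardlinks inside the workspace.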