GHSA-5xfq-5mr7-426q: OpenClaw's unsanitized session ID enables path traversal in transcript file operations

February 18, 2026

OpenClaw versions <= 2026.2.9 construct transcript file paths using an unsanitized sessionId and also accept sessionFile paths without enforcing that they stay within the agent sessions directory.

A crafted sessionId and/or sessionFile (example: ../../etc/passwd) can cause path traversal when the gateway performs transcript file read/write operations.

Preconditions: an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to loopback (local-only); configurations that expose the gateway widen the attack surface.

References

github.com/advisories/GHSA-5xfq-5mr7-426q
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26
github.com/openclaw/openclaw/releases/tag/v2026.2.12
github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q

Code Behaviors & Features

Detect and mitigate GHSA-5xfq-5mr7-426q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →