GHSA-mgrq-9f93-wpp5

Suggest an improvement
Source
https://github.com/advisories/GHSA-mgrq-9f93-wpp5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-mgrq-9f93-wpp5/GHSA-mgrq-9f93-wpp5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mgrq-9f93-wpp5
Downstream
Published
2026-03-12T14:21:49Z
Modified
2026-03-14T02:38:54.565790Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator
Summary
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Details

Summary

openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Vulnerable versions: <= 2026.2.25
  • Patched versions: >= 2026.2.26 (pre-set for next planned release)
  • Latest published npm version at update time: 2026.2.25

Details

The boundary check path resolved aliases in a way that allowed a non-existent out-of-root symlink target to pass the initial validation window. A first write through the guarded workspace path could therefore escape the workspace boundary.

The fix hardens canonical boundary resolution so missing-leaf alias paths are evaluated against canonical containment, while preserving valid in-root aliases. This closes the first-write escape condition without regressing valid in-root alias usage.

Fix Commit(s)

  • 46eba86b45e9db05b7b792e914c4fe0de1b40a23
  • 1aef45bc060b28a0af45a67dc66acd36aef763c9

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.26). Once npm release 2026.2.26 is published, this advisory can be published directly.

Thanks @tdjackey for reporting.

Database specific 
{
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-22",
        "CWE-59"
    ],
    "nvd_published_at": null,
    "github_reviewed_at": "2026-03-12T14:21:49Z"
}
References

Affected packages

npm / openclaw

Package

Name
openclaw
View open source insights on deps.dev
Purl
pkg:npm/openclaw

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2026.2.26

Database specific

last_known_affected_version_range 
"<= 2026.2.25"
source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-mgrq-9f93-wpp5/GHSA-mgrq-9f93-wpp5.json"