CVE Reports

Posted on • Originally published at cvereports.com

GHSA-659F-22XC-98F2: Path Traversal via Symbolic Links in OpenClaw Webhook Transforms

Vulnerability ID: GHSA-659F-22XC-98F2
CVSS Score: 8.1
Published: 2026-03-03

A critical path traversal vulnerability exists in the OpenClaw infrastructure, specifically within the webhook transform module loader. The vulnerability arises from improper resolution of symbolic links when validating module paths against a restricted directory allowlist. By creating a symbolic link within the allowed directory that points to a file outside of it, an attacker can bypass the containment check and force the application to load and execute arbitrary JavaScript or TypeScript files from the filesystem. This flaw allows for Remote Code Execution (RCE) if an attacker can introduce a symbolic link into the configured transforms directory.

TL;DR

OpenClaw's webhook transform loader failed to resolve symbolic links, allowing attackers to bypass directory restrictions. By linking a valid path to an external malicious file, attackers could achieve Remote Code Execution. The issue was patched by enforcing realpath verification on module paths.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-59 (Improper Link Resolution)
  • Attack Vector: Local / Network (via Configuration)
  • CVSS (Est.): 8.1 (High)
  • Impact: Remote Code Execution (RCE)
  • Exploit Status: PoC Available
  • Platform: Node.js / TypeScript

Affected Systems

  • OpenClaw Webhook Gateway
  • OpenClaw: < 2026-02-22 (Fixed in: 2026-02-22 Patch)

Code Analysis

Commit: f4dd057

fix(gateway): resolve symlinks when checking transform module containment

```ts
function resolveContainedPath(...) {
  ...
  const baseRealpath = safeRealpathSync(base);
  ...
  if (escapesBase(baseRealpath, existingAncestorRealpath)) throw ...
}
```

Exploit Details

Mitigation Strategies

  • Input Validation: Enforce filesystem-level path resolution using realpath.
  • Least Privilege: Run the OpenClaw process with restricted filesystem permissions, preventing it from reading files outside the application directory even if validated incorrectly.
  • Configuration Hardening: Restrict write access to the hooks directory to prevent the creation of symbolic links by unauthorized users.

Remediation Steps:

  1. Upgrade OpenClaw to the latest version (patch released 2026-02-22).
  2. Audit the hooks/transforms directory for existing symbolic links targeting external files.
  3. Review hooks.mappings configuration for any absolute paths or suspicious module references.
  4. Restart the OpenClaw service to ensure the new validation logic is active.

Read the full report for GHSA-659F-22XC-98F2 on our website for more details including interactive diagrams and full exploit analysis.