GHSA-56pc-6hvp-4gv4
OpenClaw vulnerable to arbitrary file read via $include directive
Details
## Vulnerability
Path traversal in config `$include` resolution allowed arbitrary local file reads outside the config directory boundary (CWE-22).
### Attack Vectors
1. If an attacker can modify OpenClaw config, they can set `$include` to absolute paths (for example `/etc/passwd`) and read files accessible to the OpenClaw process. 2. If an attacker can modify OpenClaw config, they can use traversal paths (for example `../../...`) to escape the config directory. 3. If an attacker can create symlinks inside the config directory, they can point includes to external files unless real-path checks are enforced. 4. Impact scope is bounded by the file permissions of the OpenClaw runtime user; this is not an unauthenticated remote-only vector by itself.
## Impact
A successful exploit can expose local secrets and credentials readable by the OpenClaw process user, including API keys and private config material.
## Affected Packages / Versions
- Package: `openclaw` (npm) - Vulnerable versions: `<=2026.2.15` - Patched versions: `>=2026.2.17`
## Fix Commit(s)
- `d1c00dbb7c64a39e205464dae7f2a068420e91c1`
## Release Process Note
Patched version is pre-set to `2026.2.17`. Once npm release `2026.2.17` is available, this advisory is ready to publish.
OpenClaw thanks @aether-ai-agent for reporting.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-32061 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/d1c00dbb7c64a39e205464dae7f2a068420e91c1 [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-include-directive-path-traversal [WEB]