GHSA-36h3-7c54-j27r
OpenClaw has browser trace/download path symlink escape in temp output handling
상세
### Summary Browser trace/download output path handling allowed symlink-root and symlink-parent escapes from the managed temp root.
### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published npm version: `2026.2.24` - Affected versions: `<= 2026.2.24` - Planned patched release: `2026.2.25`
### Impact An attacker with relevant local foothold and ability to influence output paths could route writes outside the intended temp root via symlink traversal, leading to arbitrary file overwrite.
### Fix Commit(s) - `496a76c03ba85e15ea715e5a583e498ae04d36e3`
### Release Process Note `patched_versions` is pre-set to the release (`2026.2.25`) so once npm `2026.2.25` is published, the advisory is published.
OpenClaw thanks @tdjackey for reporting.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-32054 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3 [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling [WEB]