CVE-2026-28482 — HIGH (7.1)

Q: How severe is CVE-2026-28482?

CVE-2026-28482 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-28482?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.2.12

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2026-28482?

CVE-2026-28482 is a vulnerability with a CVSS score of 7.1 (HIGH). OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can e...

How severe is CVE-2026-28482?

CVE-2026-28482 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-28482?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.