CVE-2026-26972

Description

### Summary OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected: >=2026.1.12, <=2026.2.12 - Fixed: >=2026.2.13 ### Details Affected code: `src/browser/pw-tools-core.downloads.ts` (`waitForDownloadViaPlaywright`, `downloadViaPlaywright`). Fixed entrypoints (as of 2026.2.13): - Gateway browser control routes `/wait/download` and `/download` now restrict `path` to `DEFAULT_DOWNLOAD_DIR` via `resolvePathWithinRoot`. ### Fix Commit(s) - 7f0489e4731c8d965d78d6eac4a60312e46a9426 ### Mitigation Upgrade to `openclaw` >=2026.2.13. Thanks @locus-x64 for reporting.

How to fix CVE-2026-26972

To remediate CVE-2026-26972, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.13 or later

Is CVE-2026-26972 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 2026.1.12, < 2026.2.13

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-26972
• PATCHgithub.com/openclaw/openclaw
• WEBgithub.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426
• WEBgithub.com/openclaw/openclaw/releases/tag/v2026.2.13