CVE-2026-32020
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Description
### Summary The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads. ### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published version observed: `2026.2.21-2` - Affected versions: `<=2026.2.21-2` - Planned fixed release version: `2026.2.22` ### Technical Details The vulnerable flow was in `src/gateway/control-ui.ts`, where `path.join(...)` + string-prefix checks were followed by file reads that resolved symlinks. This allowed directory-confinement bypasses when symlinks existed inside the Control UI root. The fix now enforces realpath containment and verifies file identity before serving Control UI assets and SPA fallback `index.html`. ### Impact - Vulnerability type: path traversal / external file exposure via symlink following. - Primary impact: confidentiality (out-of-root file read). - Severity guidance: low in supported trusted-operator deployments; can be higher in unsupported shared-writable setups. ### Fix Commit(s) - `7c500ff6236fa087ec1ec88696ca9f6881e90dc5` ### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.22`). After npm release is available, publish the advisory. OpenClaw thanks @tdjackey for reporting.
How to fix CVE-2026-32020
To remediate CVE-2026-32020, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.22 or later
Is CVE-2026-32020 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.22