Medium severity 6.5 · GHSA Advisory · Published May 5, 2026 · Updated May 7, 2026
CVE-2026-43567
Description
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.
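A workspace-boundary check of the kind this description says was bypassed, as an added example; it is not OpenClaw's code or its patch, and `resolveOutPath`, `realpathOfNearestExisting`, `entryExists` and `makeDemoWorkspace` are hypothetical names. It rejects `..` segments, absolute paths and symlinked directories that lead outside the workspace.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True if a directory entry exists at p, including a dangling symlink.
function entryExists(p) {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Resolve symlinks on the deepest existing ancestor of p, then re-append the
// not-yet-created tail, so a new file is judged by where it would really land.
function realpathOfNearestExisting(p) {
  const tail = [];
  let cur = p;
  while (!entryExists(cur) && path.dirname(cur) !== cur) {
    tail.unshift(path.basename(cur));
    cur = path.dirname(cur);
  }
  return path.join(fs.realpathSync(cur), ...tail); // throws on a dangling link
}

// Hypothetical guard: returns the real target path, or throws if outPath
// would land outside workspaceRoot (or is the root itself).
function resolveOutPath(workspaceRoot, outPath) {
  const root = fs.realpathSync(workspaceRoot);
  // path.resolve collapses ".." and ignores root when outPath is absolute.
  const target = realpathOfNearestExisting(path.resolve(root, outPath));
  const rel = path.relative(root, target);
  const outside = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (outside || rel === "") {
    throw new Error(`outPath is not a file inside the workspace: ${outPath}`);
  }
  return target;
}

// Constructed fixture: a temp workspace holding a symlink that points outside.
function makeDemoWorkspace() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-")));
  const workspace = path.join(base, "workspace");
  const outside = path.join(base, "outside");
  fs.mkdirSync(workspace);
  fs.mkdirSync(outside);
  fs.symlinkSync(outside, path.join(workspace, "link"), "dir");
  return { workspace, outside };
}
```

The check and the later write are separate steps, so the result only holds if the workspace is not modified between them.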
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.4.10 | 2026.4.10 |
References
- github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a (nvd: Patch, WEB)
- github.com/advisories/GHSA-jf25-7968-h2h5 (ghsa: ADVISORY)
- github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5 (nvd: Vendor Advisory, WEB)
- www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter (nvd: Third Party Advisory)
- github.com/openclaw/openclaw/pull/63551 (ghsa: WEB)