CVE-2026-3689: Path Traversal Flaw in OpenClaw Canvas Gateway Exposes Sensitive Data
A path traversal vulnerability in OpenClaw's canvas gateway endpoint allows authenticated remote attackers to read arbitrary files on the server, potentially exposing sensitive configuration and user data.

A medium-severity path traversal vulnerability has been disclosed in OpenClaw, an open-source platform, that could allow authenticated attackers to read sensitive files from the underlying server. Tracked as CVE-2026-3689 and assigned a CVSS score of 6.5, the flaw resides in the canvas gateway endpoint, where user-supplied path parameters are not properly validated before being used in file operations.
The vulnerability was discovered by researchers Peter Girnus and Project AESIR of TrendAI Zero Day Initiative and reported through the ZDI program. According to the advisory published by ZDI, an attacker with valid credentials can exploit the improper validation to traverse directories and access files outside the intended scope, leading to information disclosure in the context of the service account.
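The defect class described in the advisory, as an added illustration rather than OpenClaw's own code (the advisory does not publish the affected routine): a gateway that joins a user-supplied path straight onto a fixed root directory, next to a hardened resolver that decodes once, canonicalises, and refuses anything that lands outside the root. The root directory, file names, and the Node.js-style TypeScript setting are assumptions.

```typescript
// Added example (not OpenClaw's code): the "serve a file beneath a fixed root"
// pattern behind canvas-style gateways, in its unsafe and hardened forms.
import * as path from "node:path";

// Assumed root directory; constructed for this example.
const CANVAS_ROOT = "/srv/openclaw/canvas";

// Unsafe: joins user input straight onto the root. path.join normalizes
// "..", so "../../../etc/passwd" walks out of the root before any read.
function unsafeResolve(root: string, userPath: string): string {
  return path.join(root, userPath);
}

// Hardened: decode once, resolve to an absolute normalized path, and require
// the result to stay strictly inside the root. Returns null on rejection.
// If the root may contain symlinks, apply fs.realpathSync to both sides first.
function safeResolve(root: string, userPath: string): string | null {
  let decoded: string;
  try {
    decoded = decodeURIComponent(userPath); // single decode; malformed -> reject
  } catch {
    return null;
  }
  if (decoded.includes("\0")) return null; // NUL-byte truncation tricks
  const base = path.resolve(root);
  const candidate = path.resolve(base, decoded); // an absolute input replaces base
  const rel = path.relative(base, candidate);
  // rel is "" for the root itself, ".." or "../x" when it escaped, and absolute
  // on a cross-drive hop (Windows). Only a non-empty child path is accepted.
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}
```

The same resolved-path containment check belongs in front of every file read, not only the endpoint that was reported.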
OpenClaw has released a security update to address the issue. The fix is available via a GitHub security advisory (GHSA-jq4x-98m3-ggq6), and users are strongly advised to apply the update as soon as possible. The disclosure timeline shows the vulnerability was reported to the vendor on February 20, 2026, and the coordinated public advisory was released on March 30, 2026.
While the vulnerability requires authentication, its impact could be significant in environments where OpenClaw is used to manage sensitive data or where service accounts have broad file system access. Path traversal flaws of this nature can be chained with other vulnerabilities or used to extract credentials, configuration files, or cryptographic keys that could lead to further compromise.
This disclosure adds to a growing list of path traversal vulnerabilities found in web applications and APIs, where insufficient input sanitization remains a common weakness. Organizations using OpenClaw should prioritize patching and review their deployment for any signs of unauthorized file access.
The advisory does not indicate active exploitation in the wild, but given the public availability of technical details, proof-of-concept code may emerge. Administrators are urged to update their installations and monitor logs for unusual file access patterns.