HIGH SeverityCVSS 4.07.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CVE-2026-43567

Last updated May 05, 2026 · Published May 05, 2026

Description

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.

Affected products

1 listed

OpenClaw:OpenClaw

Mappings

CWE

CWE-862

CAPEC

None listed.

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.
Secure File HandlingUploads, storage, and serving files without opening the door to attackers.

CVE-2026-43567

Description

Affected products

Mappings

Related