CVE-2026-35658
OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
OpenClaw · OpenClawWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/openclaw/openclaw/commit/14baadda2c456f3cf749f1f97e8678746a34a7f4https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53https://github.com/openclaw/openclaw/security/advisories/GHSA-cfp9-w5v9-3q4hhttps://www.vulncheck.com/advisories/openclaw-filesystem-boundary-bypass-in-image-tool