Cyber Resilience

CVE-2026-28459

High · Public PoC

Published: 05 March 2026
Modified: 09 March 2026
KEV Added: not listed
Patch: fixed in 2026.2.12
CVSS Score (v4.0): 7.1 (High)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0036 (28.1st percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-28459 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in OpenClaw (vendor and product both listed as "Openclaw"). Its CVSS v4.0 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Stored Data Manipulation (T1565.001). The CVE ranks at the 28.1st percentile by exploit likelihood (EPSS, below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-28459 is an externally controlled file path (CWE-73) vulnerability, exploited as a path traversal, in OpenClaw versions prior to 2026.2.12. It stems from inadequate validation of the sessionFile path parameter in the gateway client component, which writes transcript data to the host filesystem. Because the parameter is not constrained to the intended sessions directory, a client can name a path outside it and the gateway performs the write there.

Authenticated attackers with gateway client access (PR:L) can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By supplying a malicious sessionFile path they direct transcript writes to locations of their choosing, creating new files or repeatedly appending data to existing ones. The realistic outcomes are corruption of configuration files (I:L) and denial of service through filesystem exhaustion (A:H). The blast radius is bounded by what the gateway process itself can write, so running it under least privilege limits the damage (see Mitigating Controls). The CVSS v3.1 vector C:N/I:L/A:H/S:U scores 7.1, matching the v4.0 vector above (VC:N/VI:L/VA:H).

Mitigation requires upgrading to OpenClaw 2026.2.12 or later, where the issue is addressed via commits such as 25950bcbb8ba4d8cde002557f6e27c219ae4deda and 4199f9889f0c307b77096a229b9e085b8d856c26. Additional details are available in the GitHub Security Advisory GHSA-64qx-vpxx-mvqf and VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-untrusted-sessionfile-path.
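To make the flaw and the fix concrete, here is an added TypeScript example. It is not OpenClaw's code and the page does not show the project's implementation; it assumes a Node-style gateway with a flat sessions directory at a hypothetical /srv/openclaw/sessions, one JSON object per transcript line, and the illustrative function names unsafeSessionPath, safeSessionPath and appendTranscript. It shows the pattern the advisory describes, a client-chosen sessionFile joined onto the sessions directory, beside a hardened version that allow-lists the file name, confirms the resolved path stays inside the directory, refuses to append through a symlink, and caps transcript growth so repeated appends cannot exhaust the filesystem (the input-validation and least-privilege controls listed under Mitigating Controls).

```typescript
// Added example, not OpenClaw's code: a client-controlled sessionFile used to
// pick where transcript data is appended, vulnerable form beside hardened form.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical layout: one transcript file per session in a flat directory.
export const SESSIONS_DIR = "/srv/openclaw/sessions";

// VULNERABLE: the caller's sessionFile is joined straight onto the directory.
// path.join normalises "..", so "../openclaw.json" lands one level up.
export function unsafeSessionPath(sessionsDir: string, sessionFile: string): string {
  return path.join(sessionsDir, sessionFile);
}

// Allow-list for a transcript file name: one path segment, no separators,
// must not start with a dot, must carry the expected extension.
const SESSION_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.jsonl$/;

// HARDENED: allow-list the name, then check containment of the resolved path
// as a second, independent barrier (covers a future loosening of the regex).
export function safeSessionPath(sessionsDir: string, sessionFile: string): string {
  if (sessionFile.includes("\0") || !SESSION_NAME.test(sessionFile)) {
    throw new Error(`rejected sessionFile ${JSON.stringify(sessionFile)}`);
  }
  const base = path.resolve(sessionsDir);
  const target = path.resolve(base, sessionFile);
  const rel = path.relative(base, target);
  if (rel === "" || path.isAbsolute(rel) || rel.split(path.sep)[0] === "..") {
    throw new Error(`sessionFile escapes ${base}: ${target}`);
  }
  return target;
}

// Append one transcript line through the hardened check. Refuses to write
// through a symlink or onto a non-regular file, and caps the transcript size
// (sizeLimit is an assumed policy value) so repeated appends cannot fill the disk.
export function appendTranscript(
  sessionsDir: string,
  sessionFile: string,
  line: string,
  sizeLimit = 64 * 1024 * 1024,
): string {
  const target = safeSessionPath(sessionsDir, sessionFile);
  let size = 0;
  try {
    const st = fs.lstatSync(target); // lstat: a symlink is reported as a symlink, not followed
    if (!st.isFile()) throw new Error(`refusing to append to non-regular file ${target}`);
    size = st.size;
  } catch (e) {
    if ((e as { code?: string }).code !== "ENOENT") throw e; // ENOENT: brand-new transcript
  }
  const bytes = Buffer.byteLength(line, "utf8") + 1;
  if (size + bytes > sizeLimit) {
    throw new Error(`transcript ${sessionFile} would exceed ${sizeLimit} bytes`);
  }
  fs.appendFileSync(target, line + "\n", { encoding: "utf8", mode: 0o600 });
  return target;
}

// Worked run over constructed inputs: which names the hardened check rejects,
// where the vulnerable join sends a traversal name, and a real append to a temp dir.
export function demo(): { escaped: string; contained: string; rejected: string[]; written: string } {
  const probes = ["../openclaw.json", "/etc/passwd", "a\0.jsonl", "sub/s.jsonl", ".hidden.jsonl"];
  const rejected = probes.filter((name) => {
    try { safeSessionPath(SESSIONS_DIR, name); return false; } catch { return true; }
  });
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "oc-sessions-"));
  const written = appendTranscript(tmp, "s-01.jsonl", '{"role":"user","text":"hi"}');
  return {
    escaped: unsafeSessionPath(SESSIONS_DIR, "../openclaw.json"),
    contained: safeSessionPath(SESSIONS_DIR, "s-01.jsonl"),
    rejected,
    written,
  };
}

console.log(demo());
```

The containment test uses path.relative rather than a string prefix on purpose: a prefix check on "/srv/openclaw/sessions" would also accept "/srv/openclaw/sessions-evil/x". The lstat step closes the remaining on-disk route, a symlink planted inside the sessions directory that points elsewhere; if the sessions directory itself can be a symlink in your deployment, resolve it with fs.realpathSync before the comparison.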

Vulnerability details

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append data repeatedly, potentially causing configuration corruption or denial of service.

CWE(s)

CWE-73 External Control of File Name or Path

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1499 Endpoint Denial of Service (Impact)
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Path traversal enables arbitrary file writes and appends outside the intended directory, which directly facilitates stored data manipulation (configuration corruption) and endpoint DoS (filesystem exhaustion).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29611 (same product: Openclaw Openclaw)
CVE-2026-28457 (same product: Openclaw Openclaw)
CVE-2026-31990 (same product: Openclaw Openclaw)
CVE-2026-41383 (same product: Openclaw Openclaw)
CVE-2026-28395 (same product: Openclaw Openclaw)
CVE-2026-28482 (same product: Openclaw Openclaw)
CVE-2026-32054 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-27523 (same product: Openclaw Openclaw)
CVE-2026-28463 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: prior to 2026.2.12 (fixed in 2026.2.12 or later)

Mitigating Controls (NIST 800-53 r5) [AI]

prevent · SI-10 (Information Input Validation)
Directly requires validation of the sessionFile path parameter to reject values outside the intended sessions directory, blocking the path traversal.

prevent · AC-3 (Access Enforcement)
Enforces access-control policy on file-write operations so that authenticated gateway clients cannot write transcript data to arbitrary filesystem locations.

prevent · least privilege (control identifier not given on this page)
Limits the privileges of the gateway client process so that even a successful path traversal yields minimal ability to corrupt configuration files or exhaust the filesystem.

References