Path Traversal Vulnerability in OpenClaw's screen_record Tool by OpenClaw
CVE-2026-43567

7.1HIGH

Key Information:

Vendor

Openclaw

Status
Openclaw
Vendor
CVE Published:
5 May 2026

What is CVE-2026-43567?

OpenClaw versions prior to 2026.4.10 are vulnerable to a path traversal issue in the screen_record tool's outPath parameter, which allows attackers to bypass filesystem restrictions. By crafting a malicious outPath, an attacker can write files outside the designated workspace, leading to unauthorized access to sensitive directories and potential exploitation of the underlying system. This vulnerability emphasizes the need for strict input validation and security measures in file handling components.

Affected Version(s)

OpenClaw 0 < 2026.4.10

OpenClaw 2026.4.10

References

https://github.com/openclaw/openclaw/security/advisories/...
vendor-advisory
https://github.com/openclaw/openclaw/commit/635bb35b68d8f...
patch
https://www.vulncheck.com/advisories/openclaw-path-traver...
third-party-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.