
CVE

GHSA-3jx4-q2m7-r496

OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations

Summary

In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.

By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only apply_patch checks).

Impact

  • Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.
  • Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version at triage time: 2026.2.24
  • Affected range: <= 2026.2.24
  • Planned patched version: 2026.2.25

Fix Commit(s)

  • 04d91d0319b82fd4de91ed05e9fc5219ff2ab64e (main)

Remediation

OpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for:

  • workspace-only path checks (read / write / edit)
  • workspace-only apply_patch read/write paths
  • sandbox mount-root path-safety checks

Regression tests were added for apply_patch, workspace fs tools, and sandbox fs bridge hardlink alias escapes.

OpenClaw thanks @tdjackey for reporting.


References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496
  • https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e
  • https://github.com/openclaw/openclaw
