CVE
GHSA-659f-22xc-98f2
OpenClaw hook transform path containment missed symlink-resolved escapes
Vulnerability
Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.2.21-2 - Patched version (planned next release):
2026.2.22
Impact
When an attacker can cause a transform module path to reference a symlinked entry that resolves outside the trusted transform directory, the gateway may import and execute unintended JavaScript with gateway-process privileges.
Attack Preconditions
- Hook transforms are enabled and reachable.
- Attacker can influence transform path resolution (for example via privileged config access and/or writable filesystem path in the transform tree).
- A symlink escape exists to attacker-controlled code.
Remediation
- Enforce realpath-aware containment for existing path ancestors before dynamic import.
- Keep lexical containment checks for traversal and absolute-path escapes.
- Add regression coverage for:
- transform module symlink escape rejection,
hooks.transformsDirsymlink escape rejection,- in-root symlink allow-case.
Fix Commit(s)
f4dd0577b055f77af783105bd65eae32f3d5e6a1
OpenClaw thanks @aether-ai-agent for reporting.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
-
C
H
U
0
-
C
H
U
-
Related Resources
No items found.
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-659f-22xc-98f2, https://github.com/openclaw/openclaw/commit/f4dd0577b055f77af783105bd65eae32f3d5e6a1, https://github.com/openclaw/openclaw
Basic Information
Ecosystem
