SB2026040844 - Insecure symlink following in OpenClaw


Published: April 8, 2026

Security Bulletin ID: SB2026040844
Severity: Low
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) UNIX symbolic link following (CVE-ID: N/A)

The vulnerability allows a local user to append attacker-controlled content to arbitrary files on the system.

The vulnerability exists because the agents.create and agents.update handlers append to IDENTITY.md in the agent workspace without checking whether that path is a UNIX symbolic link. A local user who can write to the agent workspace can replace IDENTITY.md with a symlink pointing at any file writable by the process that serves the API, then invoke either method; the content supplied to the call is written through the symlink into the target file instead of into the workspace file.

The root cause is that an existing symlink at the IDENTITY.md path is followed during the append operation rather than rejected (for example, by opening the file with O_NOFOLLOW so that the open itself fails on a symlink).


Remediation

Install the update from the vendor's website.