GHSA-vgjq-7pq9-cvwpHighCVSS 7.1

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync...

Published
July 14, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.

🔗 References (4)