GHSA-JF25-7968-H2H5
Vulnerability from github – Published: 2026-04-17 21:58 – Updated: 2026-04-17 21:58
VLAI?
Summary
OpenClaw: screen_record outPath bypassed workspace-only filesystem guard
Details
Summary
screen_record outPath bypassed workspace-only filesystem guard.
Affected Packages / Versions
- Package:
openclaw - Ecosystem: npm
- Affected versions:
< 2026.4.10 - Patched versions:
>= 2026.4.10
Impact
The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call to write outside the intended workspace boundary.
Technical Details
The fix applies the workspace-root guard to node tool outPath handling, including screen recording paths.
Fix
The issue was fixed in #63551. The first stable tag containing the fix is v2026.4.10, and openclaw@2026.4.14 includes the fix.
Fix Commit(s)
635bb35b68d8faa5bfa2fda35feadd315122748a- PR: #63551
Release Process Note
Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Credits
Thanks to @anshumanbh for reporting this issue.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T21:58:24Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nscreen_record outPath bypassed workspace-only filesystem guard.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.10`\n- Patched versions: `\u003e= 2026.4.10`\n\n## Impact\n\nThe node-host screen recording tool could honor an `outPath` outside the workspace guard, allowing an authorized tool call to write outside the intended workspace boundary.\n\n## Technical Details\n\nThe fix applies the workspace-root guard to node tool `outPath` handling, including screen recording paths.\n\n## Fix\n\nThe issue was fixed in #63551. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `635bb35b68d8faa5bfa2fda35feadd315122748a`\n- PR: #63551\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @anshumanbh for reporting this issue.",
"id": "GHSA-jf25-7968-h2h5",
"modified": "2026-04-17T21:58:24Z",
"published": "2026-04-17T21:58:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/pull/63551"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: screen_record outPath bypassed workspace-only filesystem guard"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…