Is this vulnerability remotely exploitable, or does it require local access?

It is remotely exploitable by any client that can authenticate as a gateway user and reach the affected OpenClaw interface, because the file path is controlled through application-level requests rather than local shell access.

Does an attacker need elevated privileges to exploit this issue?

No special OS-level privileges are required beyond whatever the OpenClaw process already has. However, the attacker must have valid gateway client credentials and the OpenClaw service account must have write access to the targeted filesystem locations.

What is the safest general fix pattern for this vulnerability class?

The safest pattern is to remove direct client control over file paths. Treat file identifiers as opaque server-side keys, map them to internally generated filenames in a dedicated directory, and enforce that all file operations are confined to that directory with strict path normalization and permission controls.

Severity:

HIGH RISK

(7.1)

External Control of File Path (CWE-73) in OpenClaw Session Transcript Handling

CVE-2026-28459

Published:

Mar 5, 2026

Status:

Received

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-78

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

Remote Code Execution

March 7, 2026

CWE-89

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Remote Code Execution via SQL Injection on the Database Server

March 7, 2026

Vulnerability Type

Category:

Path Traversal / External Control of File Path

CWE:

CWE-73

Impact:

Arbitrary File Write and Potential Denial of Service

Severity:

HIGH RISK

(7.1)

CVSS Version:

3.1

Vulnerability Type

Category:

Path Traversal / External Control of File Path

CWE:

CWE-73

Impact:

Arbitrary File Write and Potential Denial of Service

Severity:

HIGH RISK

(7.1)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

External Control of File Path (CWE-73) in OpenClaw Session Transcript Handling

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare