CVE-2026-35658
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub