Severity: LOW 3.3 · Ecosystem: npm

OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read

GHSA-5ghc-98wh-gwwf · CVE-2026-32020


Description

Summary

The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version observed: 2026.2.21-2
  • Affected versions: <=2026.2.21-2
  • Planned fixed release version: 2026.2.22

Technical Details

The vulnerable flow was in src/gateway/control-ui.ts, where asset paths were validated with path.join(...) and a string-prefix check and then read with file APIs that resolve symbolic links. Because the prefix check only inspects the lexical path, a symlink inside the Control UI root that pointed outside it passed validation and was followed on read, bypassing directory confinement.

The fix now enforces realpath containment and verifies file identity before serving Control UI assets and SPA fallback index.html.

Impact

  • Vulnerability type: path traversal / external file exposure via symlink following.
  • Primary impact: confidentiality (out-of-root file read).
  • Severity guidance: low in supported trusted-operator deployments; can be higher in unsupported shared-writable setups.

Fix Commit(s)

  • 7c500ff6236fa087ec1ec88696ca9f6881e90dc5

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.22). After npm release is available, publish the advisory.

OpenClaw thanks @tdjackey for reporting.
