CVE-2026-41383 · HIGH 8.1 · EPSS percentile 28.7%

Description

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.37% probability of exploitation · percentile 28.7% · 2026-06-19T12:03:05Z
Published: 2026-04-28
Last modified: 2026-05-01

Underlying weaknesses (1)

CWE-22

References

  1. https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25
  2. https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x
  3. https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths

Weakness mapping (1)

Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-22 | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-41397
  2. CVE-2026-41364
  3. CVE-2026-32013
  4. CVE-2026-44112
  5. CVE-2026-28453
  6. CVE-2026-32055
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.