CVSS 8.1 · HIGH

CVE-2026-41383

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data.


Analysis

OpenClaw is a niche synchronization tool, and this flaw lets an attacker who can influence its mirror-mode configuration paths delete and replace the contents of remote directories. Given its limited adoption compared with mainstream CI/CD or sync tools, it does not warrant a high-priority alert for the general developer community; deployments that do run OpenClaw mirror sync against shared remote hosts should update to 2026.4.2, since the remote directory that gets wiped is chosen by configuration rather than by anything the sync target controls.

Severity

Score: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: NONE
I: HIGH
A: HIGH
Weakness (CWE): CWE-22

EPSS

Probability of exploitation (next 30 days): 0.0005 (about 0.05%)
Percentile: 15.5%
EPSS: 2026-05-06

Affects

openclaw:openclaw

Technical description

In mirror mode, OpenClaw synchronizes a local workspace to a remote host by deleting the contents of the configured remote directory and then uploading the local workspace data in its place. Before 2026.4.2 the target of that delete-then-upload step is taken from the remoteWorkspaceDir and remoteAgentWorkspaceDir values in the OpenShell configuration without being constrained to an expected location, so anyone who can set or influence those values can point the sync at an arbitrary remote directory: its existing contents are removed and replaced with the uploaded workspace. The weakness is classified as CWE-22 (improper limitation of a pathname to a restricted directory). The CVSS vector reflects that: the attacker needs only low privileges (enough to influence the config), reaches the target over the network with no user interaction, and the impact is loss of integrity and availability of the remote data, with no confidentiality impact. Versions from 2026.4.2 onward are not affected.
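The following is an added, self-contained illustration of the bug class and of one way to guard against it; it is not OpenClaw's code, and the page does not say how the 2026.4.2 fix is implemented. The remote filesystem, the local workspace, the config dictionary shape and the allow-list root `/srv/openshell/workspaces` are all constructed here for the example. `vulnerable_sync` stands in for the pre-fix behaviour (trusting the configured path after normalization); `hardened_sync` refuses any remoteWorkspaceDir or remoteAgentWorkspaceDir that does not resolve to a strict subdirectory of the allowed root, including the prefix trick `/srv/openshell/workspaces-evil` and traversal via `..`.

```python
import posixpath

# Constructed sample data (not from OpenClaw): the remote host modelled as path -> content.
REMOTE_FS = {
    "/srv/openshell/workspaces/agent-1/notes.md": b"agent 1 notes\n",
    "/srv/openshell/workspaces/agent-2/data.csv": b"a,b\n1,2\n",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
}
# Constructed local workspace that mirror mode uploads after wiping the target.
LOCAL_WORKSPACE = {"main.py": b"print('hello')\n"}
# Assumed deployment policy: every remote workspace must live directly under this root.
ALLOWED_ROOT = "/srv/openshell/workspaces"
CONFIG_KEYS = ("remoteWorkspaceDir", "remoteAgentWorkspaceDir")


class UnsafeRemotePathError(ValueError):
    """Raised when a configured remote directory does not resolve inside the allowed root."""


def mirror_sync(remote_fs, target_dir, workspace):
    """Mirror mode as the advisory describes it: delete everything under target_dir,
    then upload the workspace files beneath it. Returns the new remote filesystem."""
    prefix = target_dir.rstrip("/") + "/"          # "/" stays "/", so a root target wipes everything
    survivors = {path: data for path, data in remote_fs.items() if not path.startswith(prefix)}
    for rel, data in workspace.items():
        survivors[posixpath.join(target_dir, rel)] = data
    return survivors


def vulnerable_sync(remote_fs, config, workspace):
    """Hypothetical stand-in for the pre-2026.4.2 behaviour: the configured path is
    normalized but otherwise trusted, so "/etc" or "../../etc" becomes the wipe target."""
    target = posixpath.normpath(config["remoteWorkspaceDir"])
    return mirror_sync(remote_fs, target, workspace)


def resolve_remote_dir(configured, allowed_root):
    """Return the normalized absolute remote path, or raise if it is not a strict
    subdirectory of allowed_root. Relative values are interpreted under the root."""
    root = posixpath.normpath(allowed_root)
    if not root.startswith("/") or root == "/":
        raise UnsafeRemotePathError(f"allowed root must be absolute and not '/': {allowed_root!r}")
    candidate = configured if configured.startswith("/") else posixpath.join(root, configured)
    resolved = posixpath.normpath(candidate)       # collapses "..", "." and duplicate slashes
    # Compare against root + "/" so "/srv/openshell/workspaces-evil" does not pass as a prefix match,
    # and reject the root itself because the sync wipes the whole target directory.
    if resolved == root or not resolved.startswith(root + "/"):
        raise UnsafeRemotePathError(f"{configured!r} resolves to {resolved!r}, outside {root!r}")
    return resolved


def resolve_config_dirs(config, allowed_root=ALLOWED_ROOT):
    """Validate every OpenShell-style directory key present in the config up front,
    so a bad remoteAgentWorkspaceDir is caught even when only remoteWorkspaceDir is synced."""
    return {key: resolve_remote_dir(config[key], allowed_root) for key in CONFIG_KEYS if key in config}


def hardened_sync(remote_fs, config, workspace, allowed_root=ALLOWED_ROOT):
    """Mirror sync that only ever wipes a directory inside the allowed root."""
    dirs = resolve_config_dirs(config, allowed_root)
    return mirror_sync(remote_fs, dirs["remoteWorkspaceDir"], workspace)


if __name__ == "__main__":
    evil = {"remoteWorkspaceDir": "/etc", "remoteAgentWorkspaceDir": "/etc/ssh"}
    after = vulnerable_sync(REMOTE_FS, evil, LOCAL_WORKSPACE)
    print("vulnerable: /etc/passwd survives?", "/etc/passwd" in after)     # False
    try:
        hardened_sync(REMOTE_FS, evil, LOCAL_WORKSPACE)
    except UnsafeRemotePathError as err:
        print("hardened:", err)
    ok = hardened_sync(REMOTE_FS, {"remoteWorkspaceDir": "agent-1"}, LOCAL_WORKSPACE)
    print("hardened agent-1 sync:", sorted(ok))
```

The check runs on the side that issues the delete, so it only constrains which path the sync asks for; it cannot see symlinks or mount points on the remote host, and a remote directory that is itself a symlink to somewhere sensitive would still be followed by whatever the remote deletion primitive does. Treat the allow-list as necessary, not sufficient, and pair it with a remote account whose write permissions are limited to the workspace root.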

Published: 4/28/2026, 7:37:41 PM
Last modified: 5/1/2026, 3:52:02 PM
