CVE-2026-45004 | OpenClaw up to 2026.4.22 setup-api.js process.cwd uncontrolled search path (GHSA-r39h-4c2p-3jxp)

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.4.22. Impacted is the function process.cwd of the file setup-api.js. The manipulation leads to uncontrolled search path.

This vulnerability is documented as CVE-2026-45004. The attack needs to be performed locally. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More