


Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing…
Published:
27 April 2026 at 22:00:00
Alert date:
28 April 2026 at 20:08:59
Source:
nvd.nist.gov
Enterprise Applications
CVE-2026-41383 affects OpenClaw versions before 2026.4.2, which contain an arbitrary directory deletion vulnerability in mirror mode. Attackers can manipulate the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values to delete remote directories. By influencing OpenShell config paths, an attacker causes mirror sync operations to delete the contents of unintended remote directories. The deleted directories are then replaced with uploaded workspace data controlled by the attacker. This is a significant security risk because it allows unauthorized manipulation of the remote file system.
Technical details
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41383
https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25
https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x
https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths
This article was created with the assistance of AI technology by Perceptive.
