
Description

OpenClaw versions prior to 2026.2.14 do not validate TAR archive entry paths during extraction. An archive entry whose name contains traversal sequences such as ../../ is written outside the intended extraction directory (a "Zip Slip" style path traversal), so an attacker who can supply an archive for the application to unpack can place or overwrite files outside the extraction root, potentially tampering with configuration and achieving code execution.
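As an added example (not OpenClaw's code; the archive entries, file names and helper functions below are constructed for illustration), the following Python shows the defect class in miniature: a tar built in memory with benign entries, two traversal entries and a symlink that points out of the tree, an unvalidated extractor that simply joins the destination with the raw entry name, and a hardened extractor that resolves each target with realpath and refuses anything that does not stay under the destination.

```python
"""Zip Slip in tar extraction: naive target computation vs. a path-validated extractor.

Added example, not OpenClaw's code. Entry names and contents are constructed samples.
"""
import io
import os
import tarfile
import tempfile


def build_sample_tar() -> bytes:
    """Build an in-memory tar (constructed sample) mixing benign and hostile entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [
            ("ok.txt", b"benign\n"),
            ("sub/dir/nested.txt", b"also benign\n"),
            ("../../escaped.txt", b"written outside dest\n"),        # classic traversal
            ("sub/../../escaped2.txt", b"traversal after safe prefix\n"),
        ]:
            info = tarfile.TarInfo(name)   # name is stored verbatim, no normalisation
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        # A symlink escaping the tree: a later entry written "through" it would also
        # escape, so a hardened extractor must reject links or validate their targets.
        link = tarfile.TarInfo("escape_link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../"
        tf.addfile(link)
    return buf.getvalue()


def naive_targets(archive: bytes, dest: str) -> dict:
    """Where an unvalidated extractor would write: dest joined with the raw entry name."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        for m in tf.getmembers():
            out[m.name] = os.path.normpath(os.path.join(dest, m.name))
    return out


def is_within(dest_real: str, candidate: str) -> bool:
    """True iff candidate (already passed through realpath) is dest_real or inside it."""
    return os.path.commonpath([dest_real, candidate]) == dest_real


def safe_extract(archive: bytes, dest: str):
    """Extract only regular files and directories whose resolved path stays under dest.

    Returns (extracted_names, rejected_names). Absolute names, symlinks and hard
    links are rejected outright; realpath (not normpath) is used so that symlinks
    already present on disk cannot redirect a later write out of the tree.
    """
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        for m in tf.getmembers():
            if os.path.isabs(m.name) or m.issym() or m.islnk():
                rejected.append(m.name)
                continue
            target = os.path.realpath(os.path.join(dest_real, m.name))
            if not is_within(dest_real, target):
                rejected.append(m.name)
                continue
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tf.extractfile(m) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            else:
                rejected.append(m.name)   # devices, fifos and other special entries
                continue
            extracted.append(m.name)
    return extracted, rejected


def run_demo() -> dict:
    """Run both extractors against the sample tar inside a temporary directory."""
    archive = build_sample_tar()
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "out")
        os.makedirs(dest)
        naive = naive_targets(archive, dest)
        extracted, rejected = safe_extract(archive, dest)
        with open(os.path.join(dest, "sub", "dir", "nested.txt"), "rb") as fh:
            nested = fh.read()
        return {
            "naive_escape_inside_dest": naive["../../escaped.txt"].startswith(dest + os.sep),
            "naive_ok_inside_dest": naive["ok.txt"] == os.path.join(dest, "ok.txt"),
            "extracted": extracted,
            "rejected": rejected,
            "escaped_file_exists": os.path.exists(os.path.join(d, "escaped.txt")),
            "nested_content": nested,
        }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The check is the same one a patch for this class of bug needs: compute the final on-disk path for every entry, including directories, links and any second-stage copies, and compare it against the resolved destination before touching the filesystem. Python's own tarfile gained this policy as `extractall(filter="data")` in 3.12 (backported to maintenance releases), which rejects absolute names, traversal and links escaping the destination; code on older interpreters or using a different tar library has to implement the equivalent itself.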

Status: PUBLISHED | Reserved 2026-02-27 | Published 2026-03-05 | Updated 2026-03-09 | Assigner: VulnCheck

HIGH: 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version before 2026.2.14
affected

Credits

XueMian (ICT.RUN) (@xuemian168) reporter

Shangzhi-Xu (@ShangzhiXu) coordinator

References

github.com/...enclaw/security/advisories/GHSA-p25h-9q54-ffvw (GitHub Security Advisory (GHSA-p25h-9q54-ffvw)) vendor-advisory

github.com/...ommit/3aa94afcfd12104c683c9cad81faf434d0dadf87 (Patch Commit) patch

www.vulncheck.com/...ath-traversal-in-tar-archive-extraction (VulnCheck Advisory: OpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive Extraction) third-party-advisory

cve.org (CVE-2026-28453)

nvd.nist.gov (CVE-2026-28453)
