
6 matches found

RedhatCVE
added 2026/02/22 1:25 p.m., 5 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py, a local helper script used when authors package skills, previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

CVSS 4.6, AI score 5.6, EPSS 0.00221
Exploits 0, References 1

NVD
added 2026/02/21 10:16 a.m., 6 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py, a local helper script used when authors package skills, previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

CVSS 4.6, EPSS 0.00221
Exploits 0, References 5

ATTACKERKB
added 2026/02/21 9:27 a.m., 7 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py, a local helper script used when authors package skills, previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

CVSS 4.6, AI score 5.7, EPSS 0.00221
Exploits 0, References 6, Affected Software 1

CVE
added 2026/02/21 9:27 a.m., 29 views

CVE-2026-27485

Summary (concrete details): CVE-2026-27485 affects OpenClaw’s npm package, specifically the packaging helper script under skills/skill-creator/scripts/package_skill.py. The vulnerability arises when the script, run on a crafted local skill directory, follows symlinks to files outside the skill ro...

CVSS 4.6, AI score 5.7, EPSS 0.00221
Exploits 0, References 5, Affected Software 1

OSV
added 2026/02/21 9:27 a.m., 6 views

CVE-2026-27485 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py, a local helper script used when authors package skills, previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

CVSS 4.6, AI score 5.7, EPSS 0.00221
Exploits 0, References 7

Positive Technologies
added 2026/02/20 12:0 a.m., 6 views

PT-2026-21336

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.17 and earlier. Description: OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package_skill.py script. This script previously followed symbolic links when creating .skill archives...

CVSS 4.6, AI score 6.1, EPSS 0.00221
Exploits 0, References 17