Lucene search
K

5 matches found

NVD
NVD
added 2026/02/20 12:16 a.m.16 views

CVE-2026-27008

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8CVSS0.00166EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 11:23 p.m.2 views

CVE-2026-27008

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8CVSS5.5AI score0.00166EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 11:23 p.m.4 views

CVE-2026-27008 OpenClaw hardened the skill download target directory validation

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8CVSS5.5AI score0.00166EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/19 11:23 p.m.28 views

CVE-2026-27008 OpenClaw hardened the skill download target directory validation

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8CVSS0.00166EPSS
Exploits0References4
OSV
OSV
added 2026/02/18 10:44 p.m.8 views

GHSA-H7F7-89MM-PQH6 OpenClaw hardened the skill download target directory validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 - Fixed in: planned release 2026.2.15 Impact A bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In th...

6.8CVSS5.5AI score0.00166EPSS
Exploits0References6
Rows per page
Query Builder