5 matches found
CVE-2026-27008
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
CVE-2026-27008
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
CVE-2026-27008 OpenClaw hardened the skill download target directory validation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
CVE-2026-27008 OpenClaw hardened the skill download target directory validation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
GHSA-H7F7-89MM-PQH6 OpenClaw hardened the skill download target directory validation
Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 - Fixed in: planned release 2026.2.15 Impact A bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In th...