8 matches found
EUVD-2026-17027
OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...
Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the...
GHSA-6Q2V-VFWP-PVWH Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the...
CVE-2026-33574
OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...
CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download
OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...
CVE-2026-33574
OpenClaw is affected before 2026.3.8 by a path traversal in the skills download installer. The root tools directory is validated lexically but the mutable path is reused during archive download and copy, allowing a local attacker to rebind the tools-root between validation and final write and red...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the skills download installer. An attacker can cause files to be written outside the intended directory by rebinding the validated...
OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Summary The tar.bz2 installer path in src/agents/skills-install-download.ts used shell tar preflight/extract logic that did not share the same hardening guarantees as the centralized archive extractor. This allowed crafted .tar.bz2 archives to bypass special-entry blocking and extracted-size...