Description
OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command.
Published: 2026-03-05
Score: 7 (High)
EPSS: < 1% (Very Low)
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A path traversal flaw in the plugin installation routine allows attackers to craft package names that escape the intended extensions directory by using directory traversal characters such as "..". This deficiency lets an attacker write arbitrary files to locations outside the protected plugin folder, which could overwrite critical system files or place malicious plugins. If the installed plugins are subsequently loaded, the attacker can achieve remote code execution or manipulate the application’s behavior. The weakness is classified as CWE-22.

Affected Systems

OpenClaw versions from 2026.1.29-beta.1 up to, but not including, 2026.2.1 are affected. The product, which runs on the Node.js runtime, does not mitigate path traversal during plugin installation.

Risk and Exploitability

The vulnerability has a CVSS score of 7, indicating moderate to high severity. According to EPSS, the probability of exploitation is less than 1%, and the flaw is not currently listed in CISA’s KEV catalog. Exploitation requires the attacker to supply a malicious plugin package name and for the victim to trigger the install command, suggesting a local or user-initiated attack vector. The combination of a moderate severity score, low exploitation likelihood, and absence from KEV points to a significant but not imminent threat if the software remains unpatched.

Generated by OpenCVE AI on April 16, 2026 at 12:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.1 or later, which removes the path traversal flaw.
  • Review and sanitize plugin package names during installation to reject any strings containing path traversal sequences such as "../" or starting with a slash, ensuring files are created only within the intended extensions directory.
  • Limit permissions for the process performing plugin installation, or use a sandboxed environment, so that even if a path traversal occurs, the attacker cannot write sensitive system files or execute arbitrary code.



Advisories
Source: Github GHSA
ID: GHSA-qrq5-wjgg-rvqw
Title: OpenClaw has a Path Traversal in Plugin Installation
History

Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Metrics | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} | cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}


Thu, 05 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command.
Title | | OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-22
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; cvssV4_0 {'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T13:42:00.671Z

Reserved: 2026-02-27T19:16:35.172Z

Link: CVE-2026-28447

Vulnrichment

Updated: 2026-03-11T13:41:50.920Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:16.600

Modified: 2026-03-10T19:43:11.593

Link: CVE-2026-28447

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses