Description
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.
Published: 2026-03-05
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file write outside sandbox
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a path traversal flaw in the OpenClaw sandbox skill mirroring feature, where the name field supplied in a skill frontmatter is not sanitized before being written to disk. An attacker can supply a crafted skill package with traversal sequences such as “../” or absolute paths, causing the system to create or overwrite files outside the intended sandbox workspace. This can lead to arbitrary file creation or modification, potentially enabling the execution of malicious code or the compromise of system configuration files, depending on the permissions of the running process.

Affected Systems

Affected systems are OpenClaw installations running any version earlier than 2026.2.14 in which the sandbox skill mirroring feature is enabled (the vulnerable code path is not reached otherwise). The CPE recorded for the CVE (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*) identifies the Node.js build of the product. No finer version constraints are recorded beyond that release cutoff.

Risk and Exploitability

The CVSS v4.0 base score of 5.6 (Medium) carries AV:L, AT:P and UI:A: the attack is local, depends on a non-default condition (sandbox skill mirroring must be enabled), and needs a user to load the crafted skill; the impact is High to integrity, Low to availability and none to confidentiality. NVD's current v3.1 assessment is 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L). The EPSS score below 1% reflects a low likelihood of exploitation in the wild at present, and the flaw is not listed in the CISA KEV catalog. In practice the attacker must get a crafted skill package installed or loaded into a sandbox with mirroring on, so this is a supply-chain style vector (a malicious or tampered skill) rather than an exposed network endpoint. If the process that performs the copy runs with elevated privileges, the file write can reach system locations and the potential for host compromise is significant; if it runs under restricted rights, the damage is limited to paths writable by that account.

Generated by OpenCVE AI on April 16, 2026 at 12:03 UTC.

Remediation

The fix is the 2026.2.14 release (the description lists all earlier versions as affected, and the linked GHSA advisory covers the same issue); no separate vendor workaround text is recorded in this entry.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or later, which fixes the path traversal in sandbox skill mirroring.
  • If an upgrade is not immediately possible, disable the sandbox skill mirroring feature to prevent the use of the vulnerable code path.
  • Implement validation on the skill frontmatter name field before copying into the sandbox directory: reject absolute paths, path separators and traversal sequences, and independently verify that the resolved destination still lies under the workspace root.

Generated by OpenCVE AI on April 16, 2026 at 12:03 UTC.

Advisories
Source: Github GHSA
ID: GHSA-xw4p-pw82-hqr7
Title: OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
History

Mon, 09 Mar 2026 17:15:00 +0000

Type: Metrics ssvc
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 16:45:00 +0000

Type: Metrics cvssV3_1
Values Removed: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L'}
Values Added: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L'}


Thu, 05 Mar 2026 22:45:00 +0000

Type: Metrics cvssV3_1
Values Removed: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L'}


Thu, 05 Mar 2026 22:15:00 +0000

Type: initial record (all values added)
Description: identical to the Description at the top of this page
Title: OpenClaw < 2026.2.14 - Path Traversal in Sandbox Skill Mirroring via Name Parameter
First Time appeared: Openclaw; Openclaw openclaw
Weaknesses: CWE-22
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw; Openclaw openclaw
References: (none recorded)
Metrics cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics cvssV4_0: {'score': 5.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T17:10:45.115Z

Reserved: 2026-02-27T19:17:46.380Z

Link: CVE-2026-28457

Vulnrichment

Updated: 2026-03-09T17:10:40.306Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:18.227

Modified: 2026-03-09T17:43:38.960

Link: CVE-2026-28457

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses