OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundaries, potentially enabling configuration tampering and code execution.
Attack Parameters
Attack Vector: Local (requires local access)
Attack Complexity: Low (easy to exploit)
Attack Requirements: None (no additional conditions)
Privileges Required: None (no privileges required)
User Interaction: Active (user action required)
Impact Assessment
Confidentiality: High (complete data disclosure)
Integrity: High (complete data modification)
Availability: None (no disruption of availability)
CVSS Vector v4.0
Weakness Type (CWE)
References (3)
https://github.com/openclaw/openclaw/commit/3aa94afcfd12104c683c9cad81faf434d0d… (source: disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-p25h-9q54-ffvw (source: disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-zip-slip-path-traversal-in-tar-ar… (source: disclosure@vulncheck.com)