High severity · NVD Advisory · Published Mar 5, 2026 · Updated Mar 9, 2026
OpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive Extraction
CVE-2026-28453
Description
OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundaries, potentially enabling configuration tampering and code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| openclaw | npm | < 2026.2.14 | 2026.2.14 |
References
- github.com/openclaw/openclaw/commit/3aa94afcfd12104c683c9cad81faf434d0dadf87 (patch)
- github.com/advisories/GHSA-p25h-9q54-ffvw (advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-p25h-9q54-ffvw (vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-28453 (advisory)
- www.vulncheck.com/advisories/openclaw-zip-slip-path-traversal-in-tar-archive-extraction (third-party advisory)