High severity (CVSS 8.1) · NVD Advisory · Published Apr 28, 2026 · Updated Apr 28, 2026
CVE-2026-41364
Description
OpenClaw before 2026.3.31 contains a symlink-following vulnerability in the SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host.
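The description covers the general failure mode of tar extraction: if the extractor creates a symlink member and then writes later members through it (or honours absolute or `..` names), the write lands outside the intended sandbox directory. The following is an added example, not OpenClaw's code and not the patched routine from the referenced commit; it shows a defensive validator that inspects every member before anything is written and refuses link members, path traversal and special files. The destination root, the helper names and the sample archives (including the `/placeholder/outside-sandbox` link target) are constructed for illustration.

```python
import io
import os
import tarfile
from typing import List, Optional, Sequence, Tuple


def _resolves_inside(dest_root: str, member_path: str) -> bool:
    """True if dest_root/member_path still lies under dest_root after normalisation."""
    real_root = os.path.realpath(dest_root)
    candidate = os.path.realpath(os.path.join(real_root, member_path))
    return candidate == real_root or candidate.startswith(real_root + os.sep)


def find_unsafe_members(archive_bytes: bytes, dest_root: str) -> List[str]:
    """Return '<name>: <reason>' for every member that must not be extracted.

    Rejected: absolute names, names that traverse out of dest_root, symlink and
    hardlink members (whatever their target), and device/FIFO special files.
    Links are rejected outright because a later member may be written through a
    link created earlier in the same archive, which is the symlink-following
    pattern described in the advisory.
    """
    problems: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            if os.path.isabs(m.name) or not _resolves_inside(dest_root, m.name):
                problems.append(f"{m.name}: path escapes destination")
            elif m.issym() or m.islnk():
                problems.append(f"{m.name}: link member (target {m.linkname!r}) not allowed")
            elif not (m.isfile() or m.isdir()):
                problems.append(f"{m.name}: special file not allowed")
    return problems


def safe_extract(archive_bytes: bytes, dest_root: str) -> List[str]:
    """Validate the whole archive first, then extract; returns the member names written."""
    problems = find_unsafe_members(archive_bytes, dest_root)
    if problems:
        raise ValueError("refusing archive: " + "; ".join(problems))
    written: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            # set_attrs=False: do not apply archive-supplied ownership or mode bits
            tar.extract(m, path=dest_root, set_attrs=False)
            written.append(m.name)
    return written


def build_archive(entries: Sequence[Tuple[str, str, Optional[str]]]) -> bytes:
    """Constructed sample archive builder: entries are (name, kind, content_or_target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, value in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = (value or "").encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            elif kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = value or ""
                tar.addfile(info)
            elif kind == "dir":
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: a benign upload and two that a naive extractor would mishandle.
BENIGN = build_archive([("notes/", "dir", None), ("notes/a.txt", "file", "hello")])
LINK_ESCAPE = build_archive([("out", "symlink", "/placeholder/outside-sandbox"),
                             ("out/payload", "file", "x")])
TRAVERSAL = build_archive([("../escape.txt", "file", "x")])

if __name__ == "__main__":
    root = "/placeholder/sandbox/upload"  # hypothetical destination, not created here
    for label, blob in (("benign", BENIGN), ("link_escape", LINK_ESCAPE), ("traversal", TRAVERSAL)):
        print(label, find_unsafe_members(blob, root))
```

Validating the complete member list before the first write matters more than the individual checks: an archive can be ordered so that a link is created first and a plain-looking file name is written through it second, so per-member checks during extraction are not enough unless links are refused entirely. On Python 3.12 and later, `tarfile.extractall(..., filter="data")` applies a comparable policy (rejecting absolute paths, traversal and links pointing outside the destination) and is the preferred built-in route.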
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.31 | 2026.3.31 |
References
- github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc (NVD: Patch)
- github.com/advisories/GHSA-fv94-qvg8-xqpw (GHSA: Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw (NVD: Vendor Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-41364 (GHSA: Advisory)
- www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload (NVD: Third Party Advisory)
- github.com/openclaw/openclaw/releases/tag/v2026.3.31 (GHSA: Release)