Описание
OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
Overview
In affected versions, OpenClaw’s sandbox skill mirroring used the skill’s frontmatter name as part of the destination path when copying skills into the sandbox workspace. A crafted skill name containing traversal segments (for example ../) or an absolute path could cause the copy to write outside <sandbox_workspace>/skills/.
Impact
- Files may be written outside the sandbox workspace root (within the permissions of the user running OpenClaw).
Attack Requirements
- Attacker can provide a skill package (controls
SKILL.mdfrontmatter). - Victim runs with sandbox enabled and skill mirroring into the sandbox workspace.
Affected Packages / Versions
openclaw(npm):< 2026.2.14
Fixed In
openclaw(npm):>= 2026.2.14
Fix Commit(s)
- 3eb6a31b6fcf8268456988bfa8e3637d373438c2
OpenClaw thanks @1seal for reporting.
Ссылки
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7
- https://nvd.nist.gov/vuln/detail/CVE-2026-28457
- https://github.com/openclaw/openclaw/commit/3eb6a31b6fcf8268456988bfa8e3637d373438c2
- https://www.vulncheck.com/advisories/openclaw-path-traversal-in-sandbox-skill-mirroring-via-name-parameter
Пакеты
openclaw
< 2026.2.14
2026.2.14
Связанные уязвимости
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.