Количество 2
Количество 2
CVE-2026-28457
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.
GHSA-xw4p-pw82-hqr7
OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-28457 OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory. | CVSS3: 6.1 | 0% Низкий | 26 дней назад |
| GHSA-xw4p-pw82-hqr7 OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace | CVSS3: 7.1 | 0% Низкий | 29 дней назад |
Уязвимостей на страницу