CVE-2026-28457
Overview
In affected versions, OpenClaw’s sandbox skill mirroring used the skill’s frontmatter name as part of the destination path when copying skills into the sandbox workspace. A crafted skill name containing traversal segments (for example ../) or an absolute path could cause the copy to write outside <sandbox_workspace>/skills/.
Impact
- Files may be written outside the sandbox workspace root (within the permissions of the user running OpenClaw).
Attack Requirements
- Attacker can provide a skill package (controls SKILL.md frontmatter).
- Victim runs with sandbox enabled and skill mirroring into the sandbox workspace.
Affected Packages / Versions
openclaw (npm): < 2026.2.14
Fixed In
openclaw (npm): >= 2026.2.14
Fix Commit(s)
- 3eb6a31b6fcf8268456988bfa8e3637d373438c2
OpenClaw thanks @1seal for reporting.
Related Resources
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7
- https://nvd.nist.gov/vuln/detail/CVE-2026-28457
- https://github.com/openclaw/openclaw/commit/3eb6a31b6fcf8268456988bfa8e3637d373438c2
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-path-traversal-in-sandbox-skill-mirroring-via-name-parameter
