GHSA-V892-HWPG-JWQP
Vulnerability from github – Published: 2026-03-02 23:23 – Updated: 2026-03-06 01:05
Summary
OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
Details
Summary
A path traversal (Zip Slip) issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: >=2026.1.16-2 <2026.2.14
- Fixed version: 2026.2.14
Affected Commands / Flows
This only affects users who run installation commands against an untrusted archive (local file or download URL), for example:
- openclaw skills install (download+extract installers)
- openclaw hooks install (archive installs)
- openclaw plugins install (archive installs)
- openclaw signal install (signal-cli asset extraction)
It is not triggered by receiving messages or normal gateway operation.
Impact
Arbitrary file write as the user running the install command, at any location that user can write to. In the worst case this can be used for persistence or code execution (for example by dropping a shell profile, cron entry or startup script), but only if an attacker can convince a user to install a crafted archive.
Fix
- Fix commit: 3aa94afcfd12104c683c9cad81faf434d0dadf87
- Released in: 2026.2.14
Credits
OpenClaw thanks @markmusson for reporting.
Severity
6.1 (Medium) (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "2026.1.16-2"
},
{
"fixed": "2026.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28486"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-02T23:23:03Z",
"nvd_published_at": "2026-03-05T22:16:23Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nA path traversal (Zip Slip) issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003e=2026.1.16-2 \u003c2026.2.14`\n- Fixed version: `2026.2.14`\n\n## Affected Commands / Flows\n\nThis only affects users who run installation commands against an untrusted archive (local file or download URL), for example:\n\n- `openclaw skills install` (download+extract installers)\n- `openclaw hooks install` (archive installs)\n- `openclaw plugins install` (archive installs)\n- `openclaw signal install` (signal-cli asset extraction)\n\nIt is not triggered by receiving messages or normal gateway operation.\n\n## Impact\n\nArbitrary file write as the current user. In the worst case this can be used for persistence or code execution if an attacker can convince a user to install a crafted archive.\n\n## Fix\n\n- Fix commit: `3aa94afcfd12104c683c9cad81faf434d0dadf87`\n- Released in: `2026.2.14`\n\n## Credits\n\nOpenClaw thanks @markmusson for reporting.",
"id": "GHSA-v892-hwpg-jwqp",
"modified": "2026-03-06T01:05:42Z",
"published": "2026-03-02T23:23:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v892-hwpg-jwqp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28486"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/3aa94afcfd12104c683c9cad81faf434d0dadf87"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-zip-slip-in-archive-extraction-via-installation-commands"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands"
}