OpenClaw Archive Extraction Path Traversal via Symlinks
Vulnerability ID: GHSA-JXRQ-8FM4-9P58
CVSS Score: 8.8
Published: 2026-03-03
A high-severity (CVSS 8.8) path traversal vulnerability exists in the OpenClaw AI assistant platform's archive extraction logic. Directory confinement is enforced on the entry path, but the entry is then written through any symbolic link that already exists in the destination directory: if a subdirectory name inside the extraction root is a symlink to a location elsewhere on the host, the write follows the link and lands outside the intended root. An attacker who can supply an archive and arrange for such a symlink to be present can therefore write arbitrary files on the host, which can escalate to Remote Code Execution (RCE) when the overwritten file is application code, a startup script, or configuration that the platform later loads or executes.
TL;DR
OpenClaw versions before 2026.1.29 are vulnerable to a 'Zip Slip' variant involving symbolic links. Attackers can overwrite arbitrary files on the host system if the extraction directory contains a symlink pointing to a sensitive location.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-59
- Attack Vector: Network / Local
- CVSS Score: 8.8
- Impact: Arbitrary File Write / RCE
- Patch Status: Available
- Exploit Maturity: Proof of Concept
Affected Systems
- OpenClaw Personal AI Assistant
- openclaw: < 2026.1.29 (fixed in 2026.1.29)
Code Analysis
Commit: 4b226b7
Fix zip extraction symlink traversal vulnerability
Exploit Details
- GitHub commit tests: the fix commit includes a test case that demonstrates the bypass
Mitigation Strategies
- Upgrade to patched version
- Input validation
- Filesystem isolation
Remediation Steps:
- Update the openclaw dependency to version 2026.1.29 or later.
- Verify that the application runs with the least privilege necessary, restricting write access to sensitive system paths.
- Configure the application to clean extraction directories before processing new archives to remove potential pre-seeded symlinks, and make sure those directories are not writable by untrusted local users, since a symlink removed before extraction can otherwise be re-created while extraction is in progress.
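The following is an added example written for this page; it is not OpenClaw's code and does not reproduce the extractor or the fix in commit 4b226b7. It uses Python's standard zipfile module to show the mechanism described in the TL;DR (an archive with no `../` at all escapes the extraction root because `config` in the destination is already a symlink) next to a hardened extractor of the kind the remediation steps call for. The hardened version also goes slightly beyond the advisory's case: it rejects hostile entry names such as `../evil.txt` and refuses a pre-placed file or link at the final path via `O_EXCL|O_NOFOLLOW`. The entry name `config/settings.json`, the `outside` directory, and the `demo()` harness are all constructed for the demonstration.

```python
"""Added example (not OpenClaw code): Zip Slip via a pre-seeded symlink, naive vs hardened."""
import io
import os
import stat
import tempfile
import zipfile
from pathlib import PurePosixPath

# Constructed archive entry. There is no "../" in it: the escape comes entirely from a
# symlink that already exists in the destination directory when extraction starts.
ENTRY_NAME = "config/settings.json"
ENTRY_DATA = b'{"owner": "attacker"}\n'


class UnsafeArchiveEntry(Exception):
    """Entry would land anywhere other than a fresh regular file under the root."""


def build_archive(name=ENTRY_NAME, data=ENTRY_DATA) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest: str) -> None:
    """Vulnerable pattern: extractall() strips '../' from names but then open()s the
    joined path, which follows whatever symlink already sits at dest/config."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Hardened pattern: reject hostile names, lstat() every directory component so a
    symlink is seen as a symlink, and create files with O_EXCL|O_NOFOLLOW."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name, parts = info.filename, PurePosixPath(info.filename).parts
            if (not parts or name.startswith(("/", "\\")) or "\\" in name
                    or ":" in name or any(p in (".", "..") for p in parts)):
                raise UnsafeArchiveEntry(f"rejected entry name {name!r}")
            cur = root
            for p in (parts if info.is_dir() else parts[:-1]):
                cur = os.path.join(cur, p)
                try:
                    st = os.lstat(cur)  # lstat, not stat: do not follow links
                except FileNotFoundError:
                    os.mkdir(cur, 0o755)
                    continue
                if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
                    raise UnsafeArchiveEntry(f"{cur} is not a real directory")
            if info.is_dir():
                continue
            target = os.path.join(root, *parts)
            parent = os.path.realpath(os.path.dirname(target))
            if os.path.commonpath([root, parent]) != root:  # belt and braces
                raise UnsafeArchiveEntry(f"{target} resolves outside {root}")
            flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
            with os.fdopen(os.open(target, flags, 0o644), "wb") as out, zf.open(info) as src:
                out.write(src.read())
            written.append(target)
    return written


def _dest_with_symlink(tmp: str, name: str, link_target: str) -> str:
    # The attacker's setup: an extraction directory where "config" already points outside.
    d = os.path.join(tmp, name)
    os.mkdir(d)
    os.symlink(link_target, os.path.join(d, "config"))
    return d


def demo() -> dict:
    """Run both extractors against a pre-seeded destination and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")  # stands in for a sensitive directory
        os.mkdir(outside)
        leaked = os.path.join(outside, "settings.json")
        archive = build_archive()
        naive_extract(archive, _dest_with_symlink(tmp, "naive", outside))
        naive_escaped = os.path.isfile(leaked)  # True: the write followed the symlink
        if naive_escaped:
            os.remove(leaked)
        try:
            safe_extract(archive, _dest_with_symlink(tmp, "safe", outside))
            safe_blocked = False
        except UnsafeArchiveEntry:
            safe_blocked = True
        safe_escaped = os.path.isfile(leaked)
        clean = os.path.join(tmp, "clean")  # no symlink: hardened path still works
        os.mkdir(clean)
        written = safe_extract(archive, clean)
        expected = os.path.join(os.path.realpath(clean), "config", "settings.json")
        with open(expected, "rb") as f:
            clean_ok = written == [expected] and f.read() == ENTRY_DATA
        try:  # a classic '../' entry is rejected by name before anything is touched
            safe_extract(build_archive("../evil.txt"), clean)
            traversal_blocked = False
        except UnsafeArchiveEntry:
            traversal_blocked = True
    return {"naive_escaped": naive_escaped, "safe_blocked": safe_blocked,
            "safe_escaped": safe_escaped, "clean_ok": clean_ok,
            "traversal_blocked": traversal_blocked}
```

Two caveats worth keeping in mind when adapting this. First, Python's zipfile never materializes symlink entries from an archive (it writes them out as regular files), which is exactly why this variant depends on a link that is already present in the destination; extractors that do honour symlink entries, such as tarfile without a filter, give the attacker a second way to plant the link. Second, the per-component `lstat()` walk is still a check-then-use sequence: `O_EXCL|O_NOFOLLOW` closes the race for the final file, but a concurrent writer could swap in a symlink for an intermediate directory between the check and the write, so the extraction directory must not be writable by untrusted users, or directories must be opened with `O_DIRECTORY|O_NOFOLLOW` and children created relative to that descriptor (`dir_fd`).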
References
- GitHub Advisory: OpenClaw Zip extraction symlink traversal
- OpenClaw Security Policy
- OpenClaw Plugin Documentation