CVE Reports

Posted on • Originally published at cvereports.com

GHSA-P25H-9Q54-FFVW: OpenClaw Zip Slip Path Traversal in Archive Extraction

Vulnerability ID: GHSA-P25H-9Q54-FFVW
CVSS Score: 8.8
Published: 2026-03-02

OpenClaw versions prior to 2026.2.14 contain a critical path traversal vulnerability, commonly known as 'Zip Slip', in the archive extraction and browser tool file handling components. Archive entry names and download filenames were joined to the destination directory without being checked for directory traversal sequences, so a remote attacker who supplies a malicious archive or filename can write files to arbitrary locations on the host filesystem. Successful exploitation can lead to Remote Code Execution (RCE) by overwriting sensitive configuration files or executables.

TL;DR

Unsafe TAR/ZIP extraction in OpenClaw allows arbitrary file overwrite via directory traversal. Fixed in version 2026.2.14.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Attack Vector: Network
  • CVSS v3.1: 8.8 (High)
  • Impact: Arbitrary File Write / RCE
  • Exploit Status: Proof of Concept Available

Affected Systems

  • OpenClaw Automation Framework
  • Node.js environments executing OpenClaw skills
  • OpenClaw: < 2026.2.14 (Fixed in: 2026.2.14)

Code Analysis

Commit: 3aa94af

fix: mitigate zip slip vulnerability in archive extraction and browser downloads


Exploit Details

  • GitHub Commit: Regression tests included in the fix commit demonstrate the traversal vector.

Mitigation Strategies

  • Input Validation: reject archive entry names and download filenames that contain directory traversal sequences or are absolute paths.
  • Path Canonicalization: resolve each destination path before writing and confirm it still lies inside the intended extraction directory.
  • Principle of Least Privilege: run extraction with a user that cannot write to system directories, so an escaped path cannot reach configuration files or executables.

Remediation Steps:

  1. Update OpenClaw to version 2026.2.14 or later immediately.
  2. Verify that no unexpected files have been created in sensitive directories (e.g., /etc, /usr/bin, user home directories) if the system has processed untrusted skills.
  3. Review custom automation scripts to ensure they do not implement unsafe archive extraction logic.

Read the full report for GHSA-P25H-9Q54-FFVW on our website for more details including interactive diagrams and full exploit analysis.