CVE-2026-27670 in OpenClawالمعلومات

الملخص

بحسب MITRE • 19/03/2026

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding parent directory symlinks to redirect writes outside the extraction root.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

23/02/2026

إفشاء

19/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351665

CPE

جاهز

CWE

CWE-367 (مؤكد)

CVSS

5.3 (CNA)

EPSS

0.00014

KEV

لا

النشاطات

منخفض جدًا

القطاع

Police, Pharma, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-27670
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-27670
CVE Details	https://www.cvedetails.com/cve/CVE-2026-27670/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!