CVE-2026-28447 in OpenClaw

Summary

by MITRE • 03/06/2026

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command.


Analysis

by VulDB Data Team • 03/11/2026

The vulnerability identified as CVE-2026-28447 affects OpenClaw versions prior to 2026.2.1, specifically the plugin installation mechanism of the software ecosystem. This issue is a critical path traversal flaw that undermines the security boundary established by the application's extension management system. The vulnerability manifests when users execute the plugins install command with maliciously crafted package names that contain directory traversal sequences, allowing attackers to bypass the intended installation restrictions and write files beyond the designated extensions directory.

The vulnerability stems from inadequate input validation and sanitization in the plugin installation process. When OpenClaw processes plugin package names, it does not properly validate or sanitize path traversal sequences such as ".." or similar constructs, which lets attackers navigate outside the intended installation boundary. This flaw maps directly to CWE-22, which categorizes path traversal vulnerabilities as weaknesses that allow attackers to access files or directories outside the intended scope. The vulnerability operates at the file system level: the application's installation routine does not adequately restrict the paths to which files can be written, creating a direct attack surface for privilege escalation and arbitrary file manipulation.

The operational impact of this vulnerability extends beyond simple file system compromise, as it enables attackers to potentially overwrite critical system files, inject malicious code into the application's runtime environment, or establish persistent backdoors within the system. When victims execute the plugins install command with specially crafted package names, the malicious traversal sequences can cause the installation process to write files to arbitrary locations on the system, potentially including system directories, configuration files, or even executable components that could be leveraged for further exploitation. This vulnerability aligns with ATT&CK technique T1059.001 for command and scripting interpreter, as attackers could potentially use this flaw to execute malicious code through compromised plugin installations, and T1078.004 for valid accounts, since the exploitation typically occurs through legitimate user interaction with the installation process.

Organizations utilizing OpenClaw versions prior to 2026.2.1 face significant risk from this vulnerability, as it provides attackers with a straightforward method to compromise the integrity of the application's extension system. The vulnerability is particularly concerning because it requires no special privileges beyond normal user access to execute, making it accessible to a broad range of threat actors. Security professionals should prioritize immediate remediation efforts, including updating to OpenClaw version 2026.2.1 or later, which implements proper input sanitization and path validation mechanisms. Additionally, organizations should conduct comprehensive security reviews of their plugin management processes and consider implementing additional controls such as file system access monitoring and integrity checks to detect potential exploitation attempts. The vulnerability demonstrates the critical importance of proper input validation in preventing path traversal attacks, a fundamental security principle that should be applied consistently across all application components that handle user-supplied data.

Responsible

VulnCheck

Reservation

02/27/2026

Disclosure

03/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00047

KEV

no

Activities

very low

Sources
