CVE-2026-28457 in OpenClaw

Summary

by MITRE • 03/06/2026

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.


Analysis

by VulDB Data Team • 03/10/2026

The vulnerability identified as CVE-2026-28457 affects OpenClaw versions prior to 2026.2.14 and represents a critical path traversal flaw within the sandbox skill mirroring functionality. This vulnerability specifically targets the handling of skill frontmatter name parameters during the process of copying skills into the sandbox workspace environment. The flaw exists when the sandbox skill mirroring feature is enabled, creating a potential attack vector that could allow unauthorized file system manipulation beyond the intended sandbox boundaries.

The technical implementation of this vulnerability stems from insufficient input validation and sanitization of the skill frontmatter name parameter. When attackers craft malicious skill packages containing traversal sequences such as ../ or absolute path references within the name field, the system fails to properly sanitize these inputs before using them in file system operations. This improper handling allows the system to interpret and execute these traversal sequences as legitimate path instructions, enabling attackers to navigate outside the designated sandbox workspace root directory and potentially write files to arbitrary locations on the system.

From an operational impact perspective, this vulnerability poses significant security risks to environments utilizing OpenClaw's sandbox functionality. Attackers could leverage this flaw to overwrite critical system files, inject malicious code into the sandbox environment, or potentially escalate privileges by writing to system directories. The vulnerability is particularly dangerous because it requires only a crafted skill package to exploit, making it accessible to attackers who may not possess elevated privileges initially. The impact extends beyond immediate file system compromise as it could enable further attacks within the broader system infrastructure.

The vulnerability aligns with CWE-22 Path Traversal and follows patterns consistent with ATT&CK technique T1059 Command and Scripting Interpreter, where adversaries manipulate system paths to execute unauthorized operations. Organizations should immediately update to OpenClaw version 2026.2.14 or later to remediate this vulnerability, as no effective workarounds exist for the sandbox skill mirroring feature. Additionally, administrators should implement strict input validation policies and monitor for suspicious skill package uploads, particularly those containing unusual path sequences or absolute path references that could indicate malicious intent.
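The following is an added example, not OpenClaw's code and not part of this record. It illustrates the flaw class the summary and analysis describe, a frontmatter `name` joined to the sandbox workspace root without sanitization, beside the containment check a mirroring step could run before copying anything. The frontmatter layout, the allow-list pattern, the workspace root path and the sample packages are all constructed for illustration and are not taken from the project.

```python
"""Added example, not OpenClaw's code: contain a skill's frontmatter `name`
before it is used as a destination inside the sandbox workspace root.

Assumptions (not from the advisory): the frontmatter layout, the allow-list
pattern, the workspace root and the sample packages are constructed here.
"""
import os
import re
from pathlib import Path
from typing import Optional

# Constructed workspace root; any absolute directory works.
WORKSPACE_ROOT = "/var/lib/openclaw-ws"

# Allow-list: exactly one path component, starts alphanumeric, no separators.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def extract_skill_name(skill_md: str) -> Optional[str]:
    """Pull `name:` out of a minimal `---`-delimited frontmatter block.
    Assumed layout; a real loader would use a YAML parser."""
    lines = skill_md.splitlines()
    if not lines or lines[0].strip() != "---":
        return None
    for line in lines[1:]:
        if line.strip() == "---":
            break
        key, sep, value = line.partition(":")
        if sep and key.strip() == "name":
            return value.strip()
    return None


def unsafe_skill_dir(root: str, name: str) -> str:
    """Reconstruction of the flawed pattern the advisory describes (not the
    project's actual code): the name is joined to the root unchecked, so
    `../` climbs out of root and an absolute name replaces root entirely."""
    return os.path.normpath(os.path.join(root, name))


def is_safe_skill_name(name: str) -> bool:
    """Reject anything that is not a single, separator-free path component."""
    return bool(SAFE_NAME.fullmatch(name)) and name not in (".", "..")


def resolve_skill_dir(root: str, name: str) -> Optional[Path]:
    """Hardened form: allow-list the name, then confirm the resolved target is
    still under the resolved root, which also catches symlinked escapes."""
    if not is_safe_skill_name(name):
        return None
    root_path = Path(root).resolve()
    dest = (root_path / name).resolve()
    try:
        dest.relative_to(root_path)
    except ValueError:
        return None
    return dest


def mirror_destination(root: str, skill_md: str) -> Optional[Path]:
    """End-to-end check a mirroring step can run before copying files:
    returns the contained destination, or None when the package is refused."""
    name = extract_skill_name(skill_md)
    if name is None:
        return None
    return resolve_skill_dir(root, name)


# Constructed sample packages (not real artifacts).
BENIGN_SKILL = "---\nname: weather-lookup\ndescription: constructed sample\n---\n# body\n"
TRAVERSAL_SKILL = "---\nname: ../../etc/cron.d/evil\n---\n# body\n"
ABSOLUTE_SKILL = "---\nname: /etc/cron.d/evil\n---\n# body\n"

if __name__ == "__main__":
    for label, pkg in [("benign", BENIGN_SKILL),
                       ("traversal", TRAVERSAL_SKILL),
                       ("absolute", ABSOLUTE_SKILL)]:
        name = extract_skill_name(pkg)
        print(f"{label:9} unchecked -> {unsafe_skill_dir(WORKSPACE_ROOT, name)}")
        print(f"{label:9} hardened  -> {mirror_destination(WORKSPACE_ROOT, pkg)}")
```

The allow-list is the primary control; the `relative_to` check after `resolve()` is defence in depth so that a name which passes the pattern but resolves through a symlink to somewhere outside the root is still refused. Logging the refused name and the package it came from gives the monitoring signal the analysis recommends.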

Responsible

VulnCheck

Reservation

02/27/2026

Disclosure

03/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00049

KEV

no

Activities

very low
