CVE-2026-27670 in OpenClawinfo

Zusammenfassung

von MITRE • 19.03.2026

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding parent directory symlinks to redirect writes outside the extraction root.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

23.02.2026

Veröffentlichung

19.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351665

CPE

bereit

CWE

CWE-367 (bestätigt)

CVSS

5.3 (CNA)

EPSS

0.00014

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Pharma, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-27670
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-27670
CVE Details	https://www.cvedetails.com/cve/CVE-2026-27670/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!