CVE-2026-33574 in OpenClawinformación

Resumen (Inglés)

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.

Responsable

VulnCheck

Reservar

2026-03-23

Divulgación

2026-03-29

Voces

Fecha de publicación	Base	Temp	Vulnerabilidad	CWE	Prod	Exp	Con	EPSS	CTI	CVE
2026-03-29	5.7	5.6	OpenClaw condición de carrera	367	Artificial Intelligence Software	No está definido	Arreglo oficial	0.00000	6.94-	CVE-2026-33574

Mostrar más

Descripción
Cambios
Inteligencia de amenazas
API/JSON

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!