CVE-2026-33574 in OpenClawinformation

Résumé (Anglaise)

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.

Responsable

VulnCheck

Réserver

23/03/2026

Divulgation

29/03/2026

Entrées

Publié	Base	Temp	Vulnérabilité	CWE	Prod	Exp	Con	EPSS	CTI	CVE
29/03/2026	5.7	5.6	OpenClaw race condition	367	Artificial Intelligence Software	Non défini	Correctif officiel	0.00000	5.61+	CVE-2026-33574

Montrer plus

Description
Changements
Renseignements sur les menaces
API/JSON

◂ PrécédentAperçuSuivant ▸

Want to know what is going to be exploited?

We predict KEV entries!