Vulnerabilities

CVE-2026-28486 - OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extracti...

2026-03-06 0 views admin

CVE ID : CVE-2026-28486 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks install, plugins install, or signal install commands, write files to arbitrary locations enabling persistence or code execution. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-28486

Severity

HIGH

Published

March 5, 2026

Impact: path traversal

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-28486high

CVE-2026-28486 - OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extracti...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-29606 - OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback ...

CVE-2026-28485 - OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP E...

CVE-2026-28484 - OpenClaw 2026.2.15 - Option Injection in pre-commit Hook via Malicious Filenames

CVE-2026-28482 - OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile ...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting