Path traversal in OpenClaw - CVE-2026-27008
Published: May 4, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to write files outside the intended install sandbox.
The vulnerability exists due to improper path restriction in the download skill installation target directory validation when processing targetDir values from skill frontmatter during the skills.install flow. A remote user can supply a specially crafted skill package to write files outside the intended install sandbox.
The issue is limited to the admin-only skills.install flow.