CVE-2026-27008

6.7 MEDIUM

📋 TL;DR

OpenClaw versions before 2026.2.15 contain a path traversal vulnerability in the skill installation process. The bug allows malicious skill packages to write files outside the intended sandbox directory during admin-only skill installation. This affects OpenClaw instances where administrators install third-party skills.

💻 Affected Systems

Products:
  • OpenClaw
Versions: All versions prior to 2026.2.15
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable by users with admin privileges to the skills.install endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker achieves an arbitrary file write as the OpenClaw process user. Depending on what that user can write to, this escalates to code execution (for example by overwriting a file the service or the operating system later loads or executes), data corruption, or compromise of the host.

🟠 Likely Case

A trojanized or compromised third-party skill package overwrites OpenClaw configuration files or drops files that give the attacker persistence; whatever the package can make the service load or run then has the service's access to OpenClaw's data and credentials, which is how exfiltration would follow.

🟢 If Mitigated

With skill sources restricted to trusted repositories, manual review of skill packages, and skill installation limited to a small set of administrators, the impact is confined to the OpenClaw application's own data and configuration.

🌐 Internet-Facing: MEDIUM - Exploitation requires admin authentication to the skills.install endpoint, but an exposed admin interface with weak, reused or stolen credentials turns this into a remote arbitrary file write.
🏢 Internal Only: MEDIUM - No network exposure is needed; an internal administrator installing an untrusted or trojanized skill is enough to trigger the write.

🎯 Exploit Status

Public PoC: ✅ No (none known at time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No (admin authentication to the skills.install endpoint is required)
Complexity: LOW - Requires nothing more than a skill package whose targetDir value carries traversal sequences such as ../ so that files land outside the skills directory.

Because an administrator has to install the attacker's package, the realistic route is a supply chain one: a trojanized or compromised third-party skill rather than a direct attack on the endpoint.
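To make the bug class concrete, the following is an added example written for this page, not code from OpenClaw or its advisory. The manifest shape, the skills root path and the function names are assumptions; the advisory only tells us that a skill package carries a targetDir value that the installer trusted. The vulnerable pattern resolves that value against the skills root and uses the result; the hardened pattern resolves it and then requires the result to be a strict descendant of the root.

```typescript
import * as path from "node:path";

// Illustrative manifest shape (assumed). The advisory only tells us a skill
// package carries a targetDir value; the real field layout is not known here.
interface SkillManifest {
  name: string;
  targetDir: string;
}

// Assumed install root for the examples below.
const SKILLS_ROOT = "/opt/openclaw/skills";

// Vulnerable pattern: resolve the package-supplied targetDir against the
// root and trust the result. "../" segments climb out of the root and an
// absolute targetDir replaces it entirely.
function naiveTarget(root: string, manifest: SkillManifest): string {
  return path.posix.resolve(root, manifest.targetDir);
}

// Hardened pattern: resolve, then prove the result is a strict descendant of
// the root. Returns null when the install would write outside the sandbox.
function safeTarget(root: string, manifest: SkillManifest): string | null {
  const t = manifest.targetDir;
  if (t.length === 0 || path.posix.isAbsolute(t) || t.includes("\0")) return null;
  const rootResolved = path.posix.resolve(root);
  const resolved = path.posix.resolve(rootResolved, t);
  const rel = path.posix.relative(rootResolved, resolved);
  // relative() gives "" for the root itself and "../..." for anything above it.
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  return resolved;
}

// Constructed manifests: one benign, three that try to escape the root.
const SAMPLE_MANIFESTS: SkillManifest[] = [
  { name: "weather", targetDir: "weather" },
  { name: "evil-relative", targetDir: "../../etc/cron.d" },
  { name: "evil-absolute", targetDir: "/etc/cron.d" },
  { name: "evil-nested", targetDir: "weather/../../../root/.ssh" },
];

interface Outcome {
  name: string;
  naive: string;
  safe: string | null;
}

// Shows where each manifest would land under both patterns.
function evaluate(root: string, manifests: SkillManifest[]): Outcome[] {
  return manifests.map((m) => ({
    name: m.name,
    naive: naiveTarget(root, m),
    safe: safeTarget(root, m),
  }));
}

for (const o of evaluate(SKILLS_ROOT, SAMPLE_MANIFESTS)) {
  console.log(`${o.name}: naive=${o.naive} safe=${o.safe ?? "REJECTED"}`);
}
```

The check uses path.posix deliberately so the result is the same on every platform; on a Windows deployment the same logic applies with path.win32, where drive letters and backslashes must also be treated as absolute or separator characters. Note that a plain "does the string contain ../" check is not sufficient: the nested case above only escapes after normalisation, which is why the hardened version compares the resolved path to the resolved root rather than inspecting the raw value.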

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.15

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-h7f7-89mm-pqh6

Restart Required: Yes

Instructions:

1. Back up OpenClaw configuration and data.
2. Stop the OpenClaw service.
3. Update to version 2026.2.15 or later using your package manager or the GitHub releases.
4. Restart the OpenClaw service.
5. Verify the fix by checking the reported version.

🔧 Temporary Workarounds

Restrict skill installation sources (all platforms)

Only install skills from trusted, verified sources and repositories, and treat any third-party skill package as untrusted input until it has been reviewed.

Implement skill validation (all platforms)

Add manual review of skill frontmatter before installation, paying particular attention to the targetDir value: reject anything that is an absolute path or contains ".." segments.

🧯 If You Can't Patch

  • Disable skill installation functionality entirely
  • Implement strict network controls to prevent external skill downloads

🔍 How to Verify

Check if Vulnerable:

You are vulnerable if the OpenClaw version is earlier than 2026.2.15 and the skills.install endpoint is still reachable by administrators (that is, skill installation has not been disabled).

Check Version:

Run openclaw --version, or check the version information shown in the OpenClaw web interface.

Verify Fix Applied:

Confirm the reported version is 2026.2.15 or later, then install a known-safe test skill and confirm that every file it creates lands under the skills directory and nowhere else.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside skill directories
  • Skill installation attempts with unusual targetDir paths

Network Indicators:

  • Downloads of skill packages from untrusted sources

SIEM Query:

source="openclaw.log" AND ("skills.install" OR "targetDir") AND path NOT CONTAINS "/skills/"

Treat this query as a starting point only. A traversal value such as /opt/openclaw/skills/../../etc/cron.d still contains "/skills/" and would be excluded by the NOT CONTAINS clause, while a benign relative targetDir such as "weather" does not contain it and would alert. A more reliable rule alerts on any skills.install event whose targetDir is absolute or contains a ".." path segment, regardless of what else the string contains.
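The following added example (written for this page, not OpenClaw's code or a real OpenClaw log format, whose field layout is assumed) runs both rules over a handful of constructed skills.install log lines: the page's "does not contain /skills/" filter next to a segment-based check for absolute or ".." targetDir values, so the difference is visible on concrete input.

```typescript
// Constructed log lines; the field layout (skill=, targetDir=) is assumed
// and is not real OpenClaw output.
const SAMPLE_LOG: string[] = [
  "2026-02-16T09:00:01Z INFO skills.install admin=alice skill=weather targetDir=weather",
  "2026-02-16T09:05:12Z INFO skills.install admin=alice skill=backup targetDir=../../etc/cron.d",
  "2026-02-16T09:07:44Z INFO skills.install admin=bob skill=helper targetDir=/opt/openclaw/skills/../../etc/cron.d",
  "2026-02-16T09:09:03Z INFO skills.install admin=bob skill=tools targetDir=tools\\..\\..\\Windows\\Tasks",
  "2026-02-16T09:10:00Z INFO http.request path=/health status=200",
];

// Matches an install event and captures the raw targetDir value.
const INSTALL_RE = /\bskills\.install\b.*\btargetDir=(\S+)/;

// Flags a targetDir that could leave the skills root: absolute (POSIX, or a
// Windows drive or UNC prefix), or containing a ".." segment on either
// separator. Works on the raw value, so no normalisation can hide the escape.
function isSuspiciousTargetDir(t: string): boolean {
  if (t.startsWith("/") || t.startsWith("\\") || /^[A-Za-z]:/.test(t)) return true;
  return t.split(/[\\/]+/).some((seg) => seg === "..");
}

// Mirrors the page's SIEM filter: alert only when the value lacks "/skills/".
function pageFilterAlerts(t: string): boolean {
  return !t.includes("/skills/");
}

interface Finding {
  line: number;
  targetDir: string;
  suspicious: boolean;
  pageFilterAlerts: boolean;
}

// Scans log lines and reports, for each install event, what both rules say.
function scan(lines: string[]): Finding[] {
  const out: Finding[] = [];
  lines.forEach((line, i) => {
    const m = INSTALL_RE.exec(line);
    if (!m) return;
    const t = m[1] ?? "";
    out.push({
      line: i + 1,
      targetDir: t,
      suspicious: isSuspiciousTargetDir(t),
      pageFilterAlerts: pageFilterAlerts(t),
    });
  });
  return out;
}

for (const f of scan(SAMPLE_LOG)) {
  console.log(
    `line ${f.line}: targetDir=${f.targetDir} suspicious=${f.suspicious} pageFilterAlerts=${f.pageFilterAlerts}`,
  );
}
```

On the constructed input the segment check flags lines 2, 3 and 4 and passes line 1, while the page's filter misses line 3 (the escape that passes through /skills/) and alerts on the benign line 1. The backslash case matters because the advisory lists all platforms as affected; on a Windows host `tools\..\..\Windows\Tasks` is a traversal even though it contains no forward slash.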
