CVE-2026-28457

6.1 MEDIUM

📋 TL;DR

OpenClaw versions before 2026.2.14 have a path traversal vulnerability in sandbox skill mirroring when that feature is enabled. An attacker can craft a skill package whose name field contains traversal sequences so that files are written outside the sandbox workspace directory. Only OpenClaw installations with sandbox skill mirroring enabled are affected.

💻 Affected Systems

Products:
  • OpenClaw
Versions: All versions prior to 2026.2.14
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ✅ No
Notes: Requires sandbox skill mirroring to be enabled (not default).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Arbitrary file write leading to remote code execution, data exfiltration, or system compromise if an attacker can write to sensitive locations.

🟠 Likely Case: Unauthorized file writes to adjacent directories, potentially overwriting configuration files or planting malicious scripts.

🟢 If Mitigated: Writes stay limited to the sandbox workspace directory through proper input validation and path sanitization.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to upload crafted skill packages and sandbox skill mirroring enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.14

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7

Restart Required: Yes

Instructions:

1. Update OpenClaw to version 2026.2.14 or later.
2. Restart the OpenClaw service.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Workaround: Disable sandbox skill mirroring
Applies to: all
Description: Disable the vulnerable feature until patching is possible.
Action: Edit the OpenClaw configuration to set 'sandbox_skill_mirroring: false'

🧯 If You Can't Patch

  • Disable sandbox skill mirroring feature in configuration.
  • Restrict skill package uploads to trusted sources only.

🔍 How to Verify

Check if Vulnerable:

Check the OpenClaw version and whether sandbox skill mirroring is enabled in the configuration.

Check Version:

openclaw --version

Verify Fix Applied:

Confirm the OpenClaw version is 2026.2.14 or later, then test a skill upload whose name contains traversal sequences and confirm it is rejected.
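The following is an added illustration of the input validation and path sanitization that keeps skill mirroring inside the workspace; it is not OpenClaw's code, and the workspace path and sample skill names are constructed for the example. It rejects absolute paths, any '..' component and NUL bytes syntactically, then re-checks containment on the canonical path as a second layer.

```python
import os
from typing import Optional

# Constructed workspace path for illustration; OpenClaw's real layout is not documented here.
WORKSPACE = "/var/lib/openclaw/sandbox/workspace"


def safe_mirror_path(workspace: str, skill_name: str) -> Optional[str]:
    """Return the absolute path where a skill named `skill_name` may be
    mirrored, or None if the name would escape `workspace`.

    Layer 1: syntactic checks on the raw name (NUL bytes, absolute paths,
    '..' components). Layer 2: canonicalize with realpath() (resolves
    symlinks and normalizes) and require the result to sit under the
    canonical workspace root.
    """
    if not skill_name or "\x00" in skill_name:
        return None
    # Treat backslashes as separators so "..\\x" cannot slip past on Windows hosts.
    normalized = skill_name.replace("\\", "/")
    if normalized.startswith("/"):
        return None
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        return None
    root = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # commonpath() compares whole components, so "workspace2" cannot pass as "workspace".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def evaluate_names(workspace: str, names: list) -> dict:
    """Map each candidate skill name to True (accepted) or False (rejected)."""
    return {n: safe_mirror_path(workspace, n) is not None for n in names}


if __name__ == "__main__":
    # Constructed sample names in the shape the advisory describes (traversal
    # sequences and absolute paths in the name field) beside benign ones.
    samples = ["weather-skill", "tools/calc", "../../etc/overwrite.conf",
               "/etc/passwd", "nested/../../escape", "..\\..\\escape", ""]
    for name, ok in evaluate_names(WORKSPACE, samples).items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {name!r}")
```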

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write attempts outside sandbox workspace
  • Skill uploads with suspicious name parameters containing ../ or absolute paths

Network Indicators:

  • Skill package uploads to OpenClaw API endpoints

SIEM Query:

source="openclaw.log" AND ("../" OR "/etc/" OR "/root/") AND "skill_upload"
