PT-2026-27029 · Npm · Openclaw
Publicado
2026-03-12
·
Atualizado
2026-03-12
CVSS v4.0
6.9
Média
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and copying the archive into place. If a local attacker could rebind that tools-root path between validation and the final write, the installer could be redirected to write outside the intended tools directory.
The fix pins the canonical per-skill tools root immediately after validation and derives later download/copy paths from that canonical root, so rebinding the lexical path fails closed instead of redirecting the write.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published vulnerable version:
2026.3.7 - Affected range:
<= 2026.3.7 - Fixed in released version:
2026.3.8
Fix Commit(s)
9abf014f3502009faf9c73df5ca2cff719e54639
Release Verification
- Verified fixed in GitHub release
v2026.3.8published on March 9, 2026. - Verified
npm view openclaw versionresolves to2026.3.8. - Verified the release contains the regression test covering tools-root rebinding and that the test passes against the
v2026.3.8tree.
Thanks @tdjackey for reporting.
Correção
Time Of Check To Time Of Use
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw