PT-2026-20906 · Openclaw · Openclaw
Adam55A-Code · Published 2026-02-18 · Updated 2026-02-20
CVE-2026-27008
CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.15
Description
A flaw exists in the download skill installation process of OpenClaw versions before 2026.2.15. Because targetDir values in skill frontmatter were not strictly validated, the admin-only skills.install flow could write files outside the intended installation sandbox.
Recommendations
Update to OpenClaw version 2026.2.15 or later.
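One way to validate a targetDir value against an install root before anything is written, shown as an added Node.js example. It is not OpenClaw's code or its actual fix; the function names and the installRoot parameter are assumptions.

```javascript
// Added example: hypothetical helper names, not OpenClaw's implementation.
const fs = require("node:fs");
const path = require("node:path");

// Deepest ancestor of p that exists on disk, with symlinks resolved.
// lstat does not follow links, so a dangling symlink is found here and
// then makes realpathSync throw (fail closed).
function realExistingAncestor(p) {
  let cur = p;
  while (!fs.lstatSync(cur, { throwIfNoEntry: false })) {
    cur = path.dirname(cur);
  }
  return fs.realpathSync(cur);
}

// True when child is root itself or lies beneath it.
function isInside(root, child) {
  const rel = path.relative(root, child);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Resolve an untrusted targetDir (taken from skill frontmatter) under
// installRoot, throwing if it could place files outside that directory.
function resolveTargetDir(installRoot, targetDir) {
  if (typeof targetDir !== "string" || targetDir.length === 0 || targetDir.includes("\0")) {
    throw new Error("targetDir must be a non-empty string");
  }
  // Test both POSIX and Windows forms so the rule is the same on every host.
  if (path.posix.isAbsolute(targetDir) || path.win32.isAbsolute(targetDir)) {
    throw new Error("targetDir must be relative");
  }
  if (targetDir.split(/[\\/]+/).includes("..")) {
    throw new Error("targetDir must not contain '..' segments");
  }
  const root = fs.realpathSync(installRoot);
  const candidate = path.resolve(root, targetDir);
  if (!isInside(root, candidate)) {
    throw new Error("targetDir resolves outside the install root");
  }
  // A symlink already present under the root can still redirect the write.
  if (!isInside(root, realExistingAncestor(candidate))) {
    throw new Error("targetDir passes through a symlink leaving the install root");
  }
  return candidate;
}
```

The check is only valid at the moment it runs, so it belongs immediately before the write, with the returned path used for that write.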
Affected Products
Openclaw