PT-2026-23526 · Openclaw · Openclaw

Aakash Japi · Published 2026-02-17 · Updated 2026-03-07 · CVE-2026-28447

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.20 through 2026.2.1
Description: The plugin installation process does not properly validate plugin package names, allowing attackers to write files outside the intended installation directory. A malicious package name containing path traversal sequences such as '..' can escape the extensions directory during installation, leading to unintended file writes and potentially overwriting files in the OpenClaw state directory. On Windows, the traversal surface may be wider because backslashes in the derived directory name are not sufficiently sanitized. The installation directory is derived from the package.json name field without robust validation; the vulnerable function is unscopedPackageName(), the affected entry point is openclaw plugins install, and the package.json name is the attacker-controlled input.
Recommendations: Versions 2026.1.20 through 2026.2.1 should be updated to version 2026.2.1 or later.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-28447
GHSA-QRQ5-WJGG-RVQW

Affected Products

Openclaw