PT-2026-26223 · Openclaw · Openclaw
Tdjackey · Published 2026-03-02 · Updated 2026-03-21
CVE-2026-27670
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.2
Description
OpenClaw is affected by a race condition during ZIP file extraction that allows local attackers to write files to locations outside the intended destination directory. The extractor validates that an entry's destination path lies within the extraction root and only afterwards writes the file, resolving the path a second time at write time, so there is a time-of-check-to-time-of-use (TOCTOU) window between path validation and the file write. An attacker who can modify the filesystem under the extraction root can replace a path component with a symbolic link inside that window, redirecting the write to a location outside the designated extraction root.
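The check-then-write pattern described above, and one way to close the window, as an added example that is not OpenClaw's code (the advisory does not show the affected extractor). Both extractors are hypothetical illustrations; `race_hook` is a test hook that stands in for the attacker winning the race, and the archive is constructed inline. It needs a POSIX platform with `dir_fd` and `O_NOFOLLOW` support (Linux, macOS).

```python
import io
import os
import tempfile
import zipfile
from typing import Callable, Optional


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from the advisory): one file in a subdirectory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("data/notes.txt", "written by the extractor\n")
    return buf.getvalue()


def split_member_name(name: str) -> list:
    """Reject absolute names and '.', '..' or empty components; return the path parts."""
    parts = name.split("/")
    if name.startswith("/") or any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"unsafe archive member name: {name!r}")
    return parts


def extract_vulnerable(zip_bytes: bytes, root: str,
                       race_hook: Optional[Callable[[], None]] = None) -> None:
    """Check-then-write extractor with the TOCTOU window the advisory describes.
    race_hook (hypothetical) stands in for the attacker acting between check and write."""
    root = os.path.realpath(root)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            dest = os.path.join(root, info.filename)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            # Time of check: resolve symlinks and confirm the target is under root.
            if not os.path.realpath(dest).startswith(root + os.sep):
                raise ValueError(f"refusing to extract outside root: {info.filename}")
            if race_hook:
                race_hook()  # attacker replaces a parent directory with a symlink
            # Time of use: open() resolves the path again and follows the new symlink.
            with open(dest, "wb") as f:
                f.write(zf.read(info))


def extract_hardened(zip_bytes: bytes, root: str,
                     race_hook: Optional[Callable[[], None]] = None) -> None:
    """Walk each directory component via dir_fd with O_NOFOLLOW, then create the
    file relative to that descriptor. The checked object and the written object
    are the same open directory, so a symlink swapped in later is either refused
    (ELOOP) or cannot redirect the write."""
    root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                parts = split_member_name(info.filename)
                dir_fd = os.dup(root_fd)
                try:
                    for comp in parts[:-1]:
                        try:
                            os.mkdir(comp, dir_fd=dir_fd)
                        except FileExistsError:
                            pass
                        nxt = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                                      dir_fd=dir_fd)
                        os.close(dir_fd)
                        dir_fd = nxt
                    if race_hook:
                        race_hook()  # same attacker action; the held descriptor is unaffected
                    fd = os.open(parts[-1],
                                 os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                                 0o644, dir_fd=dir_fd)
                    with os.fdopen(fd, "wb") as f:
                        f.write(zf.read(info))
                finally:
                    os.close(dir_fd)
    finally:
        os.close(root_fd)


def run_demo() -> dict:
    """Run both extractors with an attacker that wins the race; report, per
    extractor, whether notes.txt landed outside the extraction root."""
    results = {}
    for name, extractor in (("vulnerable", extract_vulnerable),
                            ("hardened", extract_hardened)):
        with tempfile.TemporaryDirectory() as tmp:
            root = os.path.join(tmp, "extract")
            outside = os.path.join(tmp, "outside")
            os.mkdir(root)
            os.mkdir(outside)

            def attacker(root=root, outside=outside) -> None:
                # Swap the still-empty 'data' directory for a symlink out of root.
                os.rmdir(os.path.join(root, "data"))
                os.symlink(outside, os.path.join(root, "data"))

            try:
                extractor(build_sample_zip(), root, race_hook=attacker)
            except OSError:
                pass  # hardened extractor may refuse (ELOOP/ENOENT): the safe outcome
            results[name] = os.path.exists(os.path.join(outside, "notes.txt"))
    return results


if __name__ == "__main__":
    print(run_demo())  # {'vulnerable': True, 'hardened': False}
```

The realpath check in `extract_vulnerable` is not wrong in itself; it is just evaluated against a filesystem state that no longer holds when `open()` runs. The hardened version removes the second resolution entirely: every component is opened with `O_NOFOLLOW` relative to the previous descriptor, and the file is created with `O_CREAT | O_EXCL | O_NOFOLLOW` relative to the last one, so the attacker's symlink is never traversed whatever the timing.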
Recommendations
Update OpenClaw to version 2026.3.2 or later.
Weakness types
Link Following (CWE-59)
Time Of Check To Time Of Use (CWE-367)
Related Identifiers
Affected Products
Openclaw