PT-2026-26727 · Openclaw · Openclaw

Baozongwixd · Published 2026-03-03 · Updated 2026-03-21 · CVE-2026-32044

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.2

Description

OpenClaw is susceptible to an issue in archive extraction within the tar.bz2 installer path. This path bypasses the safety checks applied to other archive formats. An attacker can create specially crafted malicious tar.bz2 skill archives to circumvent the blocking of special entries and the size limitations, potentially leading to a local denial of service during skill installation.

Recommendations

Update OpenClaw to version 2026.3.2 or later.
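
The Description attributes the issue to one archive format reaching extraction without the special-entry blocking and size limits applied to the others. The following is an added example, not OpenClaw's code: a Python pre-extraction check that applies one policy to any tar compression, bzip2 included. The function names and limit values are assumptions, and the sample archive is constructed.

```python
import io
import tarfile

def check_skill_archive(data, max_entries=1000, max_total_bytes=50 * 1024 * 1024):
    """Return policy violations for a tar archive, whatever its compression.

    The default limits are assumed values for this example.
    """
    problems, total = [], 0
    # "r|*" streams the archive and auto-detects gzip/bzip2/xz, so a .tar.bz2
    # passes through the same checks as every other format.
    with tarfile.open(fileobj=io.BytesIO(data), mode="r|*") as tar:
        for count, member in enumerate(tar, start=1):
            if count > max_entries:
                problems.append("too many entries")
                break
            if not (member.isfile() or member.isdir()):
                # Symlinks, hard links, device nodes and FIFOs are refused.
                problems.append(f"special entry: {member.name}")
                continue
            # The size comes from the entry header, so the limit is enforced
            # before this entry's data is decompressed.
            total += member.size
            if total > max_total_bytes:
                problems.append("declared size exceeds limit")
                break
    return problems

def build_sample():
    """Constructed tar.bz2 sample: a regular file, a symlink and a FIFO."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        payload = b"print('hi')\n"
        info = tarfile.TarInfo("skill/main.py")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("skill/link")
        link.type, link.linkname = tarfile.SYMTYPE, "main.py"
        tar.addfile(link)
        fifo = tarfile.TarInfo("skill/pipe")
        fifo.type = tarfile.FIFOTYPE
        tar.addfile(fifo)
    return buf.getvalue()

if __name__ == "__main__":
    for line in check_skill_archive(build_sample()):
        print(line)
```

An installer would extract only when the returned list is empty, and would call the same function for every supported archive type.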

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-32044
GHSA-77HF-7FQF-F227

Affected Products

Openclaw