PT-2026-27029 — Time Of Check To Time Of Use in Npm Openclaw

PT-2026-27029 · Npm · Openclaw

Published

2026-03-12

Updated

2026-03-12

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and copying the archive into place. If a local attacker could rebind that tools-root path between validation and the final write, the installer could be redirected to write outside the intended tools directory.

The fix pins the canonical per-skill tools root immediately after validation and derives later download/copy paths from that canonical root, so rebinding the lexical path fails closed instead of redirecting the write.

Affected Packages / Versions

Package: openclaw (npm)
Latest published vulnerable version: 2026.3.7
Affected range: <= 2026.3.7
Fixed in released version: 2026.3.8

Fix Commit(s)

9abf014f3502009faf9c73df5ca2cff719e54639

Release Verification

Verified fixed in GitHub release v2026.3.8 published on March 9, 2026.
Verified npm view openclaw version resolves to 2026.3.8.
Verified the release contains the regression test covering tools-root rebinding and that the test passes against the v2026.3.8 tree.

Thanks @tdjackey for reporting.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

GHSA-VHWF-4X96-VQX2

Affected Products

Openclaw