PT-2026-37025 · Openclaw · Openclaw
Keensecuritylab
·
Published
2026-05-05
·
Updated
2026-05-05
·
CVE-2026-43570
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.3.22 through 2026.4.4
Description
An issue in remote marketplace repository path handling allows attackers to escape the expected repository root. This is achieved by providing crafted symlink paths to access files outside the intended repository directory.
Recommendations
Update to version 2026.4.5.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw