Cyber Resilience

CVE-2026-28447

Severity: High · Public PoC

Published: 05 March 2026

Modified: 10 March 2026
CVSS v4 score: 7.0 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0036 (27.2nd percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-28447 is a high-severity Path Traversal (CWE-22) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 27.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28447 is a path traversal vulnerability (CWE-22) in the plugin installation feature of OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1. The flaw allows malicious plugin package names, particularly scoped names containing path traversal sequences like "..", to escape the intended extensions directory and write files to arbitrary locations outside the installation path when victims execute the "plugins install" command.

The vulnerability can be exploited by remote attackers requiring no privileges (PR:N) over the network (AV:N) with low attack complexity (AC:L), though it demands user interaction (UI:R) such as installing a crafted plugin package. Successful exploitation enables high-impact integrity (I:H) and availability (A:H) compromises with no confidentiality impact (C:N) and unchanged scope (S:U), earning a CVSS v3.1 base score of 8.1. Attackers can achieve arbitrary file writes beyond the extensions directory, potentially leading to system compromise depending on the targeted paths and permissions.

Advisories recommend upgrading to OpenClaw version 2026.2.1 or later to mitigate the issue. Detailed guidance is available in the GitHub security advisory (GHSA-qrq5-wjgg-rvqw) at https://github.com/openclaw/openclaw/security/advisories/GHSA-qrq5-wjgg-rvqw, the patching commit at https://github.com/openclaw/openclaw/commit/d03eca8450dc493b198a88b105fd180895238e57, and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-beta-path-traversal-in-plugin-installation-via-package-name.
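The check that the input-validation control below describes, shown as an added example that is not OpenClaw's code: a naive join that trusts the package name as a path, beside a hardened resolver that validates the name and then verifies containment of the resolved target. The npm-style name grammar, the 214-character limit and the extensions directory are assumptions made for the example.

```typescript
import * as path from "node:path";

// Constructed extensions root for the example (not an OpenClaw path).
const EXTENSIONS_DIR = "/tmp/openclaw-extensions";

// Assumed npm-style grammar: optional "@scope/" then a name, each segment
// starting with [a-z0-9]; this rules out "." and ".." segments and extra slashes.
const PACKAGE_NAME = /^(?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*$/;

// The risky pattern: using the package name directly as a relative path.
// A scoped name carrying ".." segments normalises to a location outside root.
function naiveInstallDir(root: string, name: string): string {
  return path.join(root, name);
}

function isSafePackageName(name: string): boolean {
  if (name.length === 0 || name.length > 214) return false;
  return PACKAGE_NAME.test(name);
}

// Hardened form: validate the name, then independently confirm that the
// resolved target stays strictly inside the root (defence in depth against
// any gap in the grammar or platform-specific separator handling).
function safeInstallDir(root: string, name: string): string | null {
  if (!isSafePackageName(name)) return null;
  const base = path.resolve(root);
  const target = path.resolve(base, ...name.split("/"));
  return stayedInside(base, target) ? target : null;
}

// Containment probe: true only if dir is a proper descendant of root.
function stayedInside(root: string, dir: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(dir));
  return (
    rel !== "" &&
    rel !== ".." &&
    !rel.startsWith(".." + path.sep) &&
    !path.isAbsolute(rel)
  );
}
```

Run the containment probe against both resolvers on any package name a plugin manifest supplies; a write target the probe rejects is the condition this CVE describes.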

Vulnerability details

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1204.002 Malicious File (Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Path traversal in the plugin installer enables an arbitrary file write when the victim runs the install command on an attacker-crafted package (T1204.002); the resulting write of package contents to attacker-chosen locations directly facilitates the transfer of malicious files or tools onto the system (T1105).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32055 · Same product: Openclaw Openclaw
CVE-2026-27523 · Same product: Openclaw Openclaw
CVE-2026-28393 · Same product: Openclaw Openclaw
CVE-2026-28457 · Same product: Openclaw Openclaw
CVE-2026-28462 · Same product: Openclaw Openclaw
CVE-2026-22171 · Same product: Openclaw Openclaw
CVE-2026-33581 · Same product: Openclaw Openclaw
CVE-2026-28482 · Same product: Openclaw Openclaw
CVE-2026-32026 · Same product: Openclaw Openclaw
CVE-2026-28453 · Same product: Openclaw Openclaw

Affected Assets

Vendor: openclaw · Product: openclaw · Versions: 2026.1.29 — 2026.2.1

Mitigating Controls (NIST 800-53 r5, AI-mapped)

prevent (SI-10 Information Input Validation)
Directly prevents path traversal attacks by validating plugin package names and paths to block sequences like '..' before file write operations.

prevent (SI-2 Flaw Remediation)
Mandates timely flaw remediation, such as upgrading OpenClaw to version 2026.2.1, to eliminate the path traversal vulnerability.

prevent
Restricts user-installed software like plugins, preventing execution of the vulnerable 'plugins install' command with malicious packages.
