CVE-2026-28457
Published: 05 March 2026
Summary
CVE-2026-28457 is a medium-severity Path Traversal (CWE-22) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611); ranked at the 12.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in sandbox skill mirroring directly allows writes outside workspace root, enabling sandbox escape to host (T1611) and arbitrary stored data manipulation via file overwrites (T1565.001).
NVD Description
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with…
more
traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.
Deeper analysisAI
CVE-2026-28457, published on 2026-03-05, is a path traversal vulnerability (CWE-22) in OpenClaw versions prior to 2026.2.14. The flaw affects the sandbox skill mirroring feature, which must be explicitly enabled, due to unsanitized use of the skill frontmatter name parameter during skill copying into the sandbox workspace. Attackers can exploit this by crafting skill packages with traversal sequences such as ../ or absolute paths in the name field, enabling file writes outside the sandbox workspace root directory. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L).
Exploitation requires local access (AV:L) with low complexity (AC:L) and no privileges (PR:N), but depends on user interaction (UI:R), such as enabling sandbox skill mirroring and installing a malicious skill package. A successful attack allows file writes beyond the sandbox boundaries, resulting in high integrity impact (I:H) like overwriting critical files, alongside low availability impact (A:L), with no confidentiality loss (C:N).
Advisories recommend updating to OpenClaw 2026.2.14 or later to mitigate the issue, as evidenced by the patching commit at https://github.com/openclaw/openclaw/commit/3eb6a31b6fcf8268456988bfa8e3637d373438c2 and the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7. Further technical details on the path traversal in sandbox skill mirroring via the name parameter are provided in the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-path-traversal-in-sandbox-skill-mirroring-via-name-parameter.
Details
- CWE(s)