CVE-2026-28457
Published: 05 March 2026
Summary
CVE-2026-28457 is a medium-severity Path Traversal (CWE-22) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611); ranked at the 15.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-28457, published on 2026-03-05, is a path traversal vulnerability (CWE-22) in OpenClaw versions prior to 2026.2.14. The flaw affects the sandbox skill mirroring feature, which must be explicitly enabled, due to unsanitized use of the skill frontmatter name parameter during skill copying into the sandbox workspace. Attackers can exploit this by crafting skill packages with traversal sequences such as ../ or absolute paths in the name field, enabling file writes outside the sandbox workspace root directory. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L).
Exploitation requires local access (AV:L) with low complexity (AC:L) and no privileges (PR:N), but depends on user interaction (UI:R), such as enabling sandbox skill mirroring and installing a malicious skill package. A successful attack allows file writes beyond the sandbox boundaries, resulting in high integrity impact (I:H) like overwriting critical files, alongside low availability impact (A:L), with no confidentiality loss (C:N).
Advisories recommend updating to OpenClaw 2026.2.14 or later to mitigate the issue, as evidenced by the patching commit at https://github.com/openclaw/openclaw/commit/3eb6a31b6fcf8268456988bfa8e3637d373438c2 and the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7. Further technical details on the path traversal in sandbox skill mirroring via the name parameter are provided in the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-path-traversal-in-sandbox-skill-mirroring-via-name-parameter.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9905
Vulnerability details
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with…
more
traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in sandbox skill mirroring directly allows writes outside workspace root, enabling sandbox escape to host (T1611) and arbitrary stored data manipulation via file overwrites (T1565.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of the skill frontmatter name parameter to reject path traversal sequences before any file copy occurs.
Enforces that all file-write operations remain confined to the authorized sandbox workspace root, blocking writes outside that boundary.
Controls information flow so that data originating from an untrusted skill package cannot escape the sandbox via crafted paths.