OpenClaw Skill Download Writes Files Outside Intended Directory
CVE-2026-27008
GHSA-h7f7-89mm-pqh6
Summary
A path-validation bug in OpenClaw's `download` skill installation allowed the `targetDir` value taken from a skill's frontmatter to resolve outside the per-skill tools directory. A malicious skill installed through the admin-only `skills.install` flow could therefore write files to any location the OpenClaw process can write to, rather than only into its designated install sandbox, which could lead to data corruption or unauthorized access. The fix ships in OpenClaw 2026.2.15; users should update to that version or later.
What to do
- Update the `openclaw` npm package (vendor steipete / GitHub org openclaw) to version 2026.2.15 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.15 |
| openclaw | openclaw | <= 2026.2.14 | 2026.2.15 |
Original title
OpenClaw hardened the skill download target directory validation
Original description
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.14`
- Fixed in: planned release `2026.2.15`
## Impact
A bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated.
In the admin-only `skills.install` flow, this could write files outside the intended install sandbox.
## Fix Commit(s)
- 2363e1b08 fix(security): restrict skill download target paths
- b6305e972 test(skills): split installer security coverage
## Acknowledgement
Thanks @Adam55A-code for reporting.
NVD CVSS 3.1: 6.7
NVD CVSS 4.0: 6.8
Vulnerability type
CWE-73 (External Control of File Name or Path)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-h7f7-89mm-pqh6 (Patch, Vendor Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-27008
- https://github.com/advisories/GHSA-h7f7-89mm-pqh6
- https://github.com/openclaw/openclaw/commit/2363e1b0853a028e47f90dcc1066e3e9809d... (Patch)
- https://github.com/openclaw/openclaw/commit/b6305e97256d67e439719faacf5af3de9727... (Patch)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.15 (Product Release Notes)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026