Platform: nodejs
Component: openclaw
Fixed in: 2026.2.14
CVE-2026-28453 describes a Path Traversal vulnerability discovered in OpenClaw. This flaw allows attackers to manipulate TAR archive extraction paths, potentially writing files outside the designated directory. Versions of OpenClaw prior to 2026.2.14 are affected. A patch has been released, resolving this security concern.
The core of this vulnerability lies in OpenClaw's insufficient validation of TAR archive entry paths during extraction. An attacker can craft a specially designed TAR archive containing traversal sequences, such as ../../, to escape the intended extraction directory. This allows them to write files to arbitrary locations on the system. Successful exploitation could lead to configuration file modification, overwriting critical system files, or even the injection of malicious code, ultimately resulting in remote code execution. The blast radius depends on the permissions of the OpenClaw process and the targeted system’s configuration.
CVE-2026-28453 was publicly disclosed on March 5, 2026. The vulnerability is not currently listed on the CISA KEV catalog, and no public proof-of-concept exploits have been identified as of this writing. The CVSS score of 7.5 (High) indicates a significant potential for exploitation if the vulnerability is exposed and accessible to attackers.
Exploit Status
EPSS: 0.08% (24th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-28453 is to immediately upgrade OpenClaw to version 2026.2.14 or later. If upgrading is not immediately feasible due to compatibility concerns or system downtime requirements, consider implementing strict input validation on any TAR archives processed by OpenClaw. This could involve whitelisting allowed filenames or using a secure archive extraction library that performs robust path validation. While not a complete solution, restricting file write permissions for the OpenClaw process can limit the potential impact of a successful attack. After upgrading, verify the fix by attempting to extract a malicious TAR archive containing path traversal sequences and confirming that the extraction is denied.
Update the OpenClaw library to version 2026.2.14 or later. This corrects the path traversal vulnerability by properly validating TAR archive entry paths during extraction.
CVE-2026-28453 is a Path Traversal vulnerability in OpenClaw versions 0–2026.2.14 that allows attackers to write files outside the intended directory via malicious TAR archives, potentially leading to code execution.
You are affected if you are running OpenClaw versions 0 through 2026.2.14 and process TAR archives, especially those from untrusted sources.
Upgrade OpenClaw to version 2026.2.14 or later. If immediate upgrade is not possible, implement strict input validation on TAR archives.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the official OpenClaw security advisories on their website or GitHub repository for the most up-to-date information and guidance.