CVE-2026-28453 Overview
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability (CWE-22) in the TAR archive extraction functionality. The application fails to properly validate archive entry paths during extraction, allowing attackers to craft malicious archives containing path traversal sequences such as ../../ to write files outside the intended extraction directory. This vulnerability can lead to configuration tampering and potentially enable arbitrary code execution on affected systems.
Critical Impact
Attackers can exploit this path traversal vulnerability to write arbitrary files outside extraction boundaries, potentially overwriting critical configuration files or placing malicious executables in sensitive directories.
Affected Products
- OpenClaw versions prior to 2026.2.14
Discovery Timeline
- 2026-03-05 - CVE CVE-2026-28453 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28453
Vulnerability Analysis
This vulnerability is a classic "Zip Slip" style path traversal attack adapted for TAR archive extraction. When OpenClaw processes TAR archives, it extracts file entries without properly validating that the destination paths remain within the intended extraction directory. The lack of path canonicalization and boundary checking allows specially crafted archive entries with relative path components to escape the extraction root directory.
The vulnerability requires local access and user interaction to trigger—specifically, a user must extract a malicious TAR archive. Once exploited, an attacker gains the ability to write files with the privileges of the user running OpenClaw, potentially compromising system configuration files, injecting malicious code into application directories, or overwriting critical binaries.
Root Cause
The root cause lies in the absence of proper path validation during archive extraction. The original implementation directly used file paths from TAR archive entries without verifying that the resolved destination path remained within the designated extraction directory. Path traversal sequences like ../ were not sanitized or rejected, allowing malicious archive entries to specify arbitrary write locations on the filesystem.
Attack Vector
An attacker exploits this vulnerability by crafting a malicious TAR archive containing entries with path traversal sequences. When a victim extracts this archive using a vulnerable version of OpenClaw, the malicious entries write files outside the expected extraction directory. The attack scenario involves:
- Attacker creates a TAR archive with entries containing paths like ../../../../etc/cron.d/malicious
- Victim downloads or receives the malicious archive
- Victim extracts the archive using OpenClaw
- Malicious files are written to attacker-controlled locations outside the extraction boundary
The security patch introduces the resolvePathWithinRoot function that properly validates extracted paths:
import path from "node:path";
import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
export const DEFAULT_BROWSER_TMP_DIR = resolvePreferredOpenClawTmpDir();
export const DEFAULT_TRACE_DIR = DEFAULT_BROWSER_TMP_DIR;
export const DEFAULT_DOWNLOAD_DIR = path.join(DEFAULT_BROWSER_TMP_DIR, "downloads");
export const DEFAULT_UPLOAD_DIR = path.join(DEFAULT_BROWSER_TMP_DIR, "uploads");
export function resolvePathWithinRoot(params: {
rootDir: string;
requestedPath: string;
scopeLabel: string;
defaultFileName?: string;
}): { ok: true; path: string } | { ok: false; error: string } {
const root = path.resolve(params.rootDir);
const raw = params.requestedPath.trim();
if (!raw) {
if (!params.defaultFileName) {
return { ok: false, error: "path is required" };
}
return { ok: true, path: path.join(root, params.defaultFileName) };
}
const resolved = path.resolve(root, raw);
const rel = path.relative(root, resolved);
if (!rel || rel.startsWith("..") || path.isAbsolute(rel)) {
return { ok: false, error: `Invalid path: must stay within ${params.scopeLabel}` };
}
return { ok: true, path: resolved };
}
Source: GitHub Commit
Detection Methods for CVE-2026-28453
Indicators of Compromise
- Unexpected files appearing in directories outside normal extraction paths, particularly in system configuration directories (/etc/, ~/.config/)
- TAR archives containing entries with ../ path sequences in their filenames
- File modification timestamps on system files that coincide with archive extraction activities
- New or modified files in startup directories, cron directories, or application plugin folders
Detection Strategies
- Monitor file system operations for write attempts to sensitive directories during archive extraction processes
- Implement file integrity monitoring (FIM) on critical system directories to detect unauthorized modifications
- Analyze TAR archive contents before extraction for path traversal indicators using archive inspection tools
- Deploy endpoint detection rules that flag archive extraction operations writing files outside expected boundaries
Monitoring Recommendations
- Enable audit logging for file creation and modification events in sensitive system directories
- Implement application-level logging for OpenClaw archive operations including source archive paths and extraction destinations
- Configure SIEM alerts for patterns indicating path traversal exploitation such as ../ sequences in file paths
- Monitor for unusual file write patterns from the OpenClaw process
How to Mitigate CVE-2026-28453
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.14 or later immediately
- Audit systems for signs of exploitation by checking for unexpected files in sensitive directories
- Review any recently extracted TAR archives for malicious content
- Restrict archive extraction permissions to dedicated directories with appropriate access controls
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.14. The fix introduces the resolvePathWithinRoot function that validates all extracted file paths remain within the intended extraction boundary. The patch canonicalizes paths using path.resolve() and verifies the relative path does not escape the root directory by checking for .. prefixes or absolute paths.
For detailed patch information, refer to the GitHub Security Advisory and the security commit.
Workarounds
- Extract archives in isolated, sandboxed environments or containers with limited filesystem access
- Manually inspect TAR archive contents using tar -tvf before extraction to identify suspicious path entries
- Configure extraction directories with restricted permissions to minimize the impact of potential path traversal
- Use archive validation tools that reject entries containing path traversal sequences
# Configuration example
# Inspect TAR archive for path traversal sequences before extraction
tar -tvf suspicious_archive.tar | grep -E '\.\.\/'
# Extract to an isolated directory with restricted permissions
mkdir -p /tmp/safe_extract
chmod 700 /tmp/safe_extract
tar -xf archive.tar -C /tmp/safe_extract
# Verify no files escaped the extraction directory
find /tmp -newer /tmp/safe_extract -type f
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
