MEDIUM 6.5
GHSA-35mw-5vvr-vrxc
OpenClaw contains a symlink traversal vulnerability
Details
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory.
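The kind of check that stops this class of escape, as an added example that is not OpenClaw's code or its actual fix: a lexical path check is set beside one that canonicalises symlinks before testing containment. The function names and the temporary-directory fixture are assumptions constructed for illustration.

```javascript
// Added example, not OpenClaw's code. All names here are hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True when `child` is `root` itself or lies beneath it (both absolute).
function isInside(root, child) {
  const rel = path.relative(root, child);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Lexical check only: collapses ".." but never consults the filesystem, so a
// symlink stored inside the repository that points elsewhere is accepted.
function resolveLexical(repoRoot, relPath) {
  const root = path.resolve(repoRoot);
  const candidate = path.resolve(root, relPath);
  if (!isInside(root, candidate)) throw new Error("path escapes repository root");
  return candidate;
}

// Hardened check: canonicalise root and candidate, then test containment.
// realpathSync throws on a missing path, so the check fails closed.
function resolveContained(repoRoot, relPath) {
  const realRoot = fs.realpathSync(repoRoot);
  const realCandidate = fs.realpathSync(resolveLexical(realRoot, relPath));
  if (!isInside(realRoot, realCandidate)) throw new Error("symlink escapes repository root");
  return realCandidate;
}

// Constructed fixture: a repository directory holding one regular file and
// one symlink whose target is a sibling directory outside the repository.
function buildFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "symlink-demo-"));
  const repo = path.join(base, "repo");
  const outside = path.join(base, "outside");
  fs.mkdirSync(path.join(repo, "plugins"), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(repo, "plugins", "manifest.json"), "{}");
  fs.writeFileSync(path.join(outside, "secret.txt"), "constructed");
  fs.symlinkSync(outside, path.join(repo, "plugins", "link"));
  return { base, repo, outside };
}

// Returns "accepted" or "rejected" for one resolver and one relative path.
function verdict(resolver, repoRoot, relPath) {
  try { resolver(repoRoot, relPath); return "accepted"; } catch { return "rejected"; }
}
```

The canonical path returned by `resolveContained` is the one to open; a check followed by a separate open of the original path remains racy if the repository contents can change in between.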
Affected packages
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-43570 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/94b0062e90467e1582b47cc971f308457c537f3a [WEB]
- https://github.com/openclaw/openclaw/commit/b1dd3ded3589f6fa60ab85b3930a82d538edaeae [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-remote-marketplace-repository-path-handling [WEB]