A path traversal (Zip Slip) issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory.
openclaw (npm)>=2026.1.16-2 <2026.2.142026.2.14This only affects users who run installation commands against an untrusted archive (local file or download URL), for example:
openclaw skills install (download+extract installers)openclaw hooks install (archive installs)openclaw plugins install (archive installs)openclaw signal install (signal-cli asset extraction)It is not triggered by receiving messages or normal gateway operation.
Arbitrary file write as the current user. In the worst case this can be used for persistence or code execution if an attacker can convince a user to install a crafted archive.
3aa94afcfd12104c683c9cad81faf434d0dadf872026.2.14OpenClaw thanks @markmusson for reporting.
| Score | Percentile |
|---|---|
| 0.03% | 8.76% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.1 | 3.1 | — |
|
| 6.9 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-v892-hwpg-jwqp ↗ |
| CVE | CVE-2026-28486 ↗ |
| CWE id | Name |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | >= 2026.1.16-2, < 2026.2.14 | 2026.2.14 | — |