Security Advisory

CVE-2026-27008

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 23:23:32

Last updated 2026-02-20 15:37:09

Assigner GitHub_M

State PUBLISHED

Description

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only `skills.install` flow, this could write files outside the intended install sandbox. Version 2026.2.15 contains a fix for the issue.

← Browse all CVEs View on cve.org ↗