CVE-2026-32044
Severity: MEDIUM (5.5)
Description
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation.
CVE details
CVSS v3.1 score: 5.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/21/2026
Last modified: 3/23/2026
Source: nvd
Honeypot observations: 0
Affected products
openclaw:openclaw
Weaknesses (CWE)
CWE-409
References
https://github.com/openclaw/openclaw/commit/0dbb92dd2bcf9a32379d11c0f11ed016669dae3e (disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-tar-archive-safety-bypass-in-skills-installation (disclosure@vulncheck.com)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.