Executive Summary

CVE-2026-32044 is a vulnerability in OpenClaw versions prior to 2026.3.2 that affects the tar.bz2 installer path. The issue arises because the extraction process for tar.bz2 archives lacks the safety checks that are applied to other archive formats. Attackers can create specially crafted tar.bz2 skill archives that bypass protections such as special-entry blocking and extracted-size guardrails.

This bypass allows malicious archives to cause a local denial of service (DoS) by consuming excessive resources or disrupting the installation process of skills. The vulnerability is related to improper handling of highly compressed data and uncontrolled resource consumption.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by causing a local denial of service (DoS) during the installation of skills in OpenClaw. Because the tar.bz2 extraction process does not enforce critical safety checks, maliciously crafted archives can bypass these protections and consume excessive system resources or disrupt the installation process.

The attack requires local access and some user interaction but does not require elevated privileges. The impact is limited to availability, with no direct effect on confidentiality or integrity.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unsafe extraction of tar.bz2 archives in OpenClaw versions prior to 2026.3.2. Detection involves inspecting the tar.bz2 skill archives used during installation for malicious entries that bypass safety checks.

One approach is to manually list and analyze the contents of tar.bz2 archives before installation using tar commands to detect suspicious entries such as symbolic links, oversized files, or unusual file types.

• Use `tar -tvjf <archive.tar.bz2>` to get a verbose listing of the archive contents, including file types and sizes.
• Check for symbolic links, hard links, FIFOs, sockets, or files with suspiciously large sizes that could indicate an attempt to bypass safety checks.
• Verify that the archive does not contain entries with paths that could lead to directory traversal (e.g., entries with `../`).

Additionally, computing a SHA-256 hash of the archive before and after inspection can help detect if the archive is being modified during validation.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.2 or later, where the vulnerability has been fixed by aligning the tar.bz2 extraction process with hardened centralized archive extraction logic.

Until the upgrade can be applied, avoid installing skills from tar.bz2 archives or ensure that such archives are thoroughly inspected for malicious entries before installation.

• Apply rigorous preflight checks on tar.bz2 archives, including verifying entry types, sizes, and paths to prevent extraction of unsafe files.
• Use SHA-256 hashing to ensure archive integrity before extraction.

Restrict user interaction with untrusted tar.bz2 skill archives and monitor for any local denial of service symptoms during skill installation.

Useful 0 Not Useful 0