CVE-2026-33574
Path Traversal in OpenClaw Installer Enables Local Directory Hijack
Publication date: 2026-03-29
Last updated on: 2026-03-31
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.3.8 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33574 is a path traversal vulnerability in the OpenClaw npm package in versions before 2026.3.8. It occurs in the skills download installer component: the installer first lexically validates the tools root directory, but then reuses a mutable path while downloading and copying skill archives. This creates a time-of-check to time-of-use (TOCTOU) race condition, allowing a local attacker to rebind the tools-root path between validation and the final write operation.
By exploiting this, the attacker can redirect the installer to write files outside the intended tools directory, potentially leading to unauthorized file writes.
The vulnerability was fixed in version 2026.3.8 by pinning the canonical tools root path immediately after validation, ensuring all subsequent operations use this fixed path and preventing path rebinding attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows a local attacker to redirect file writes outside the intended tools directory, potentially leading to unauthorized file system access or modification.
Such unauthorized file writes could pose risks to data integrity and confidentiality, which are critical aspects of compliance with standards like GDPR and HIPAA.
However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with specific regulations or standards.
How can this vulnerability impact me?
This vulnerability allows a local attacker with limited privileges to perform unauthorized file writes outside the intended tools directory by rebinding the tools-root path during the installation process.
Such unauthorized writes could lead to modification or insertion of malicious files in arbitrary locations on the file system, potentially compromising system integrity or security.
Because the attacker can redirect where files are written, this could be used to overwrite critical files or place malicious executables, increasing the risk of further exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local path traversal issue in the OpenClaw skills download installer caused by a TOCTOU race condition. Detection involves identifying whether an affected OpenClaw version (prior to 2026.3.8) is installed and whether the skills download installer is being used.
Since the vulnerability is local and involves path rebinding during file operations, network detection is not straightforward. Instead, detection should focus on verifying the installed OpenClaw version and monitoring for suspicious file system activity related to the tools root directory.
Suggested commands to detect vulnerable versions and suspicious activity include:
- Check the installed OpenClaw version: `openclaw --version`, or inspect the `openclaw` entry in `package.json`.
- List the installed OpenClaw package and confirm whether its version is prior to 2026.3.8: `npm list openclaw` or `npm ls openclaw`.
- Monitor file system changes or symbolic link changes in the tools root directory during skill downloads using commands like `inotifywait` on Linux: `inotifywait -m -r /path/to/tools-root`.
- Audit logs or use file integrity monitoring tools to detect unexpected file writes outside the intended tools directory.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade OpenClaw to version 2026.3.8 or later, where the vulnerability has been fixed by pinning the canonical tools root directory and enforcing strict path validation to prevent path rebinding attacks.
Additional immediate steps include:
- Avoid running the skills download installer on untrusted or shared systems where local attackers could exploit the TOCTOU race condition.
- Restrict permissions on the tools root directory to prevent unauthorized users from rebinding or modifying symbolic links.
- Monitor and audit file system activity related to skill downloads to detect any suspicious behavior.
- Apply the official patch or update from OpenClaw, which includes the fix implemented in commit 9abf014f3502009faf9c73df5ca2cff719e54639.