Description

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory.

INFO

Published Date :

2026-05-05T11:25:11.010Z

Last Modified :

2026-05-06T14:13:29.916Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-43570 vulnerability.

Vendors Products
Openclaw
  • Openclaw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-43570.

URL Resource
https://github.com/openclaw/openclaw/commit/94b0062e90467e1582b47cc971f308457c537f3a cve-icon cve-icon
https://github.com/openclaw/openclaw/commit/b1dd3ded3589f6fa60ab85b3930a82d538edaeae cve-icon cve-icon
https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6 cve-icon cve-icon
https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-remote-marketplace-repository-path-handling cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact