top of page
perceptive_background_267k.jpg

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers …

Published:

27 April 2026 at 22:00:00

Alert date:

28 April 2026 at 19:01:18

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Security Tools

OpenClaw versions before 2026.3.31 contain a symlink following vulnerability in the SSH sandbox tar upload functionality. Remote attackers can exploit this vulnerability by uploading specially crafted tar archives containing symlinks. The vulnerability allows attackers to escape the sandbox environment and write arbitrary files on the remote host. This represents a significant security risk as it bypasses sandbox protections and enables unauthorized file system access. The issue has been addressed in version 2026.3.31 and later releases.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41364
https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc
https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page