漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw hardened the skill download target directory validation
Vulnerability Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only `skills.install` flow, this could write files outside the intended install sandbox. Version 2026.2.15 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.2.15之前版本存在安全漏洞,该漏洞源于download技能安装时targetDir值验证不足,可能导致文件写入到预期沙箱之外。
CVSS Information
N/A
Vulnerability Type
N/A