CVE-2026-41364

CVE-2026-41364 is a symlink following vulnerability (CWE-59) affecting OpenClaw versions prior to 2026.3.31. The issue resides in the SSH sandbox tar upload functionality, where the software fails to properly handle symlinks within uploaded tar archives. This allows remote attackers to craft malicious archives that escape the intended sandbox boundaries and overwrite arbitrary files on the remote host. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts.

Attackers require low privileges, such as those granted to a legitimate SSH user, to exploit this vulnerability over the network with low complexity and no user interaction. By uploading a specially crafted tar archive containing symlinks, an attacker can direct the extraction process to follow those links outside the sandbox, enabling arbitrary file writes on the host system. Successful exploitation could lead to overwriting critical configuration files, binaries, or data, potentially resulting in denial of service, privilege escalation, or persistence mechanisms.

Mitigation is addressed in the OpenClaw GitHub repository via commit 3d5af14984ac1976c747a8e11581d697bd0829dc, which resolves the issue in version 2026.3.31 and later. Security advisories from GitHub (GHSA-fv94-qvg8-xqpw) and Vulncheck detail the vulnerability and recommend upgrading to the patched version, along with general best practices such as restricting upload capabilities and validating tar contents for symlinks in sandboxed environments.