CVE-2026-43570

Description

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS — Exploit Prediction

0.0008

Probability of exploitation

0.24%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-61 CWE-61

Affected Products

Vendor	Product	Versions
openclaw	openclaw	2026.3.22 — 2026.4.5

References

Advisories & Patches

https://github.com/openclaw/openclaw/commit/94b0062e90467e1582b47cc971f308457c537f3a https://github.com/openclaw/openclaw/commit/b1dd3ded3589f6fa60ab85b3930a82d538edaeae https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6

Other References

https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-remote-marketplace-repository-path-handling

Frequently Asked Questions

What is CVE-2026-43570? +

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory. It has a CVSS v3.1 base score of 6.5 (MEDIUM).

How severe is CVE-2026-43570? +

CVE-2026-43570 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0008, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-43570? +

CVE-2026-43570 affects products from openclaw, specifically: openclaw. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-43570? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source …

CVE-2026-31893

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user …

CVE-2025-29787

`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction …

CVE-2025-57802

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version …

CVE-2025-46810

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate …

CVE-2025-59825

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may …