CVE-2026-27485

EPSS 0.01%

OpenClaw: Reject symlinks in local skill packaging script

Published: 2026/2/20, Modified: 2026/2/23

Description

## Vulnerability

`skills/skill-creator/scripts/package_skill.py` (a local helper script used when authors package skills) previously followed symlinks while building `.skill` archives. If an author runs this script on a crafted local skill directory containing symlinks to files or directories outside the skill root, the resulting archive contains the contents of the link targets, not the links themselves, so the `.skill` artifact can carry files the author never intended to ship.

## Severity and Exposure

- **Severity:** Low
- **Execution context:** local/manual workflow only (skill author packaging step)
- **No remote trigger:** this is not reachable via normal OpenClaw gateway/chat runtime paths
- **No extraction Zip Slip in this finding:** this issue is limited to packaging-time symlink following; archive extraction is not affected

## Impact

- Potential unintentional disclosure of local files from the packaging machine into a generated `.skill` artifact.
- Requires local execution of the packaging script on attacker-controlled skill contents.

## Affected Components

- `skills/skill-creator/scripts/package_skill.py`

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Latest published version during triage: `2026.2.17`
- Vulnerable version range: `<= 2026.2.17`
- Planned patched version (next release): `2026.2.18`

## Remediation

- Reject symlinks during skill packaging.
- Add regression tests for the symlink-to-file and symlink-to-directory cases.
- Update packaging guidance to document the symlink restriction.

## Fix Commit(s)

- `c275932aa4230fb7a8212fe1b9d2a18424874b3f`
- `ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0`

## Related PR

- https://github.com/openclaw/openclaw/pull/20796

## Release Process Note

`patched_versions` is pre-set to the planned next release (`2026.2.18`). Once npm `openclaw@2026.2.18` is published, this advisory is ready to publish without additional edits.

Thanks @aether-ai-agent for reporting.
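The failure mode and the remediation above are easy to reproduce in a few lines. The following is an added example written for this page; it is not OpenClaw's `package_skill.py` and does not reproduce that script's logic. It pairs a packer that follows symlinks (the pre-fix behaviour the advisory describes) with one that rejects them, and builds a constructed skill directory containing a file symlink and a directory symlink that both point outside the skill root. The function names, the `SymlinkInSkillError` type and the sample file contents are all assumptions made for the illustration.

```python
"""Packaging-time symlink following vs. rejection (added example, not OpenClaw code)."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


class SymlinkInSkillError(ValueError):
    """Hypothetical error type: raised when a skill directory contains a symlink."""


def package_following_symlinks(skill_root: Path) -> bytes:
    """Vulnerable pattern. os.walk(followlinks=True) descends into directory
    symlinks, and ZipFile.write() opens whatever a file symlink points at, so the
    archive receives the *target's* bytes under the link's in-skill path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, _dirnames, filenames in os.walk(skill_root, followlinks=True):
            for name in filenames:
                path = Path(dirpath) / name
                zf.write(path, arcname=path.relative_to(skill_root).as_posix())
    return buf.getvalue()


def package_rejecting_symlinks(skill_root: Path) -> bytes:
    """Hardened pattern. Every directory and file entry is checked with
    is_symlink() before anything is written; the default followlinks=False on
    os.walk is NOT enough on its own, because file symlinks still appear in
    `filenames` and ZipFile.write() would still read their targets."""
    skill_root = skill_root.resolve()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, dirnames, filenames in os.walk(skill_root):
            for name in dirnames + filenames:
                path = Path(dirpath) / name
                if path.is_symlink():
                    raise SymlinkInSkillError(
                        f"symlink not allowed in skill: {path.relative_to(skill_root)}"
                    )
                # Defence in depth: whatever we add must resolve inside the root.
                if not path.resolve().is_relative_to(skill_root):
                    raise SymlinkInSkillError(f"path escapes skill root: {path}")
            for name in filenames:
                path = Path(dirpath) / name
                zf.write(path, arcname=path.relative_to(skill_root).as_posix())
    return buf.getvalue()


def build_demo_skill(tmp: Path) -> tuple[Path, Path]:
    """Constructed layout: a secret outside the skill root, and a skill directory
    holding one file symlink and one directory symlink that point at it."""
    outside = tmp / "outside"
    outside.mkdir()
    secret = outside / "secret.txt"
    secret.write_text("api-key=constructed-sample-value\n")  # constructed sample data
    skill = tmp / "my-skill"
    skill.mkdir()
    (skill / "SKILL.md").write_text("# demo skill\n")
    os.symlink(secret, skill / "notes.txt")  # file symlink escaping the root
    os.symlink(outside, skill / "vendor")    # directory symlink escaping the root
    return skill, secret


def demo() -> dict:
    """Package the constructed skill both ways and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        skill, secret = build_demo_skill(Path(d))
        with zipfile.ZipFile(io.BytesIO(package_following_symlinks(skill))) as zf:
            vulnerable_entries = sorted(zf.namelist())
            leaked = zf.read("notes.txt").decode()
        try:
            package_rejecting_symlinks(skill)
            rejected = False
        except SymlinkInSkillError:
            rejected = True
        # A skill with no symlinks must still package normally under the hardened rule.
        clean = Path(d) / "clean-skill"
        clean.mkdir()
        (clean / "SKILL.md").write_text("# clean\n")
        with zipfile.ZipFile(io.BytesIO(package_rejecting_symlinks(clean))) as zf:
            clean_entries = sorted(zf.namelist())
        return {
            "vulnerable_entries": vulnerable_entries,
            "leaked_matches_secret": leaked == secret.read_text(),
            "hardened_rejected": rejected,
            "clean_entries": clean_entries,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable packer emits `notes.txt` and `vendor/secret.txt` with the outside file's bytes inside them, which is exactly the "unintended file contents" the advisory describes; the hardened packer refuses the whole directory on the first symlink it meets, while a symlink-free skill still packages unchanged. Checking `dirnames` as well as `filenames` is what covers the directory-symlink regression case listed under Remediation.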

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |

References (7)