CVE-2026-41364 (CVSS 8.1 HIGH, EPSS percentile 40.7%)

Description

OpenClaw before 2026.3.31 contains a symlink-following vulnerability in its SSH sandbox tar upload that allows remote attackers to write arbitrary files. An uploaded tar archive containing symlinks can be used to escape the sandbox and overwrite files on the remote host.
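A defender-side check for the weakness class described above, written as an added example and not taken from OpenClaw or its fix. It inspects tar members before anything is extracted, rejecting link entries outright (the entry that makes link following possible) and any name that escapes the destination; the sandbox path, the helper names and the sample archives are all constructed for the demonstration.

```python
import io
import os
import tarfile

def tar_member_violations(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Explain why each member is unsafe to extract into dest (empty list = safe).
    Link entries are rejected outright: a symlink created mid-extraction redirects
    the regular files that follow it, which a name-only path check cannot see."""
    dest_real = os.path.realpath(dest)
    problems = []
    for m in tar.getmembers():
        if m.issym() or m.islnk():
            problems.append(f"{m.name}: link entry -> {m.linkname} rejected")
            continue
        if os.path.isabs(m.name) or ".." in m.name.split("/"):
            problems.append(f"{m.name}: absolute or parent-relative path")
            continue
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            problems.append(f"{m.name}: resolves outside {dest_real}")
    return problems

def violations_for(blob: bytes, dest: str = "/srv/sandbox") -> list[str]:
    """Check an in-memory tar without extracting it (dest is a hypothetical sandbox path)."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        return tar_member_violations(tar, dest)

def build_tar(entries) -> bytes:
    """Construct a sample tar from (name, kind, payload) tuples; kind is 'file' or 'sym'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "sym":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples: a link-following archive of the shape the advisory describes
# (symlink first, then a regular file written through it), and a clean archive.
MALICIOUS = build_tar([("out", "sym", "/outside"), ("out/owned.txt", "file", "x"),
                       ("../esc.txt", "file", "y")])
BENIGN = build_tar([("work/a.txt", "file", "hello")])
```

On Python 3.12 or newer the same policy can be enforced at extraction time with `extractall(dest, filter="data")`; the explicit check above is useful where uploads must be rejected before extraction starts.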

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.7% · 2026-06-19T12:03:05Z
Published: 2026-04-28
Last modified: 2026-04-28

Underlying weaknesses (1)

CWE-59

References

  1. https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc
  2. https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw
  3. https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload

Type       Target                                                                   Confidence  Tier
Weakness   Improper Link Resolution Before File Access ('Link Following'), CWE-59   0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-41397, CVE-2026-44112, CVE-2026-32013, CVE-2026-41383, CVE-2026-41296, CVE-2026-32055
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.