CVE-2026-41364: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
References
- github.com/advisories/GHSA-fv94-qvg8-xqpw
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc
- github.com/openclaw/openclaw/releases/tag/v2026.3.31
- github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw
- nvd.nist.gov/vuln/detail/CVE-2026-41364
- www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload