Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.4%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-28447
  • Openclaw » Openclaw » Version: 2026.1.111
    cpe:2.3:a:openclaw:openclaw:2026.1.111
  • Openclaw » Openclaw » Version: 2026.1.112
    cpe:2.3:a:openclaw:openclaw:2026.1.112
  • Openclaw » Openclaw » Version: 2026.1.113
    cpe:2.3:a:openclaw:openclaw:2026.1.113
  • Openclaw » Openclaw » Version: 2026.1.122
    cpe:2.3:a:openclaw:openclaw:2026.1.122
  • Openclaw » Openclaw » Version: 2026.1.141
    cpe:2.3:a:openclaw:openclaw:2026.1.141
  • Openclaw » Openclaw » Version: 2026.1.162
    cpe:2.3:a:openclaw:openclaw:2026.1.162
  • Openclaw » Openclaw » Version: 2026.1.241
    cpe:2.3:a:openclaw:openclaw:2026.1.241
  • Openclaw » Openclaw » Version: 2026.1.29
    cpe:2.3:a:openclaw:openclaw:2026.1.29
  • Openclaw » Openclaw » Version: 2026.1.30
    cpe:2.3:a:openclaw:openclaw:2026.1.30
  • Openclaw » Openclaw » Version: 2026.1.51
    cpe:2.3:a:openclaw:openclaw:2026.1.51
  • Openclaw » Openclaw » Version: 2026.1.52
    cpe:2.3:a:openclaw:openclaw:2026.1.52
  • Openclaw » Openclaw » Version: 2026.1.53
    cpe:2.3:a:openclaw:openclaw:2026.1.53
  • Openclaw » Openclaw » Version: 2026.2.0
    cpe:2.3:a:openclaw:openclaw:2026.2.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved