CVE-2026-43570 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
openclaw	openclaw	2026.3.22 ≤ 𝑥 < 2026.4.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-61 - UNIX Symbolic Link (Symlink) Following
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Vulnerability Media Exposure

[GERMAN] OpenClaw: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Published: 2026-04-16T22:00:00+00:00

References

https://github.com/openclaw/openclaw/commit/94b0062e90467e1582b47cc971f308457c537f3a

https://github.com/openclaw/openclaw/commit/b1dd3ded3589f6fa60ab85b3930a82d538edaeae

https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6

https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-remote-marketplace-repository-path-handling