CVE-2026-27670 | OpenClaw up to 2026.3.1 ZIP Extraction toctou (GHSA-r54r-wmmq-mh84)

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability described as problematic has been identified in OpenClaw up to 2026.3.1. Impacted is an unknown function of the component ZIP Extraction. Executing a manipulation can lead to time-of-check time-of-use.

The identification of this vulnerability is CVE-2026-27670. The attack can only be executed locally. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-27670 | OpenClaw up to 2026.3.1 ZIP Extraction toctou (GHSA-r54r-wmmq-mh84)

Post correlati

CVE-2025-49877 | Metagauss ProfileGrid Plugin up to 5.9.5.2 on WordPress server-side request forgery

CVE-2024-45412 | yeti up to 2.1.10 Unicode allocation of resources

CVE-2025-13789 | ZenTao up to 21.7.6-8564 module/ai/model.php makeRequest Base server-side request forgery

CVE-2024-30584 | Tenda FH1202 1.2.0.14(408) /goform/WifiBasicSet formWifiBasicSet security stack-based overflow