📄 Description (English)
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation.
🤖 AI Executive Summary
OpenClaw versions before 2026.3.2 contain an archive extraction vulnerability in tar.bz2 installer paths that bypasses safety checks, allowing attackers to craft malicious skill archives causing local denial of service. While currently without public exploits or patches, this vulnerability affects organizations using OpenClaw for skill management and automation. The medium CVSS score (5.5) reflects local attack vector requirements, but the bypass of safety guardrails presents a meaningful risk to operational continuity.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 25, 2026 23:48
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations utilizing OpenClaw for automation and skill management—particularly in government digital transformation initiatives, banking automation platforms, and telecom service orchestration—face operational disruption risks. The vulnerability primarily impacts internal systems where attackers with local access could deploy malicious skill archives. Government agencies (NCA, CITC), financial institutions relying on automation frameworks, and telecommunications providers (STC, Mobily) managing network orchestration are most at risk. The denial of service impact could disrupt critical automation workflows during skill installation phases.
🏢 Affected Saudi Sectors
Government (Digital Transformation, NCA)
Banking and Financial Services
Telecommunications (STC, Mobily)
Energy and Utilities
Healthcare IT Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
5.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all OpenClaw installations across your infrastructure and document versions currently deployed
2. Restrict access to skill installation processes to authorized personnel only
3. Implement file integrity monitoring on OpenClaw installation directories
4. Monitor for suspicious tar.bz2 archive uploads or skill installation attempts
Patching Guidance:
1. Upgrade to OpenClaw version 2026.3.2 or later when available
2. Subscribe to OpenClaw security advisories for patch release notifications
3. Test patches in non-production environments before deployment
Compensating Controls (until patch available):
1. Implement strict input validation on skill archive uploads
2. Use application whitelisting to restrict executable skill installations
3. Deploy network segmentation to limit lateral movement from compromised skill installations
4. Enable detailed logging of all skill installation activities with alerting on failures
5. Validate archive integrity using cryptographic signatures before extraction
Detection Rules:
1. Alert on tar.bz2 files exceeding expected size thresholds during skill installation
2. Monitor for extraction errors or timeouts during skill installation processes
3. Track failed skill installation attempts with subsequent system resource exhaustion
4. Flag installations from non-standard or suspicious source locations
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع تثبيتات OpenClaw عبر البنية التحتية الخاصة بك وتوثيق الإصدارات المنشورة حالياً
2. قيد الوصول إلى عمليات تثبيت المهارات للموظفين المصرح لهم فقط
3. تنفيذ مراقبة سلامة الملفات على دلائل تثبيت OpenClaw
4. راقب محاولات تحميل أرشيفات tar.bz2 المريبة أو محاولات تثبيت المهارات
إرشادات التصحيح:
1. قم بالترقية إلى إصدار OpenClaw 2026.3.2 أو أحدث عند توفره
2. اشترك في تنبيهات أمان OpenClaw لإخطارات إصدار التصحيح
3. اختبر التصحيحات في بيئات غير الإنتاج قبل النشر
الضوابط البديلة (حتى توفر التصحيح):
1. تنفيذ التحقق الصارم من المدخلات على تحميلات أرشيفات المهارات
2. استخدم القائمة البيضاء للتطبيقات لتقييد تثبيتات المهارات القابلة للتنفيذ
3. نشر تقسيم الشبكة لتحديد الحركة الجانبية من تثبيتات المهارات المخترقة
4. تفعيل تسجيل مفصل لجميع أنشطة تثبيت المهارات مع التنبيه عند الفشل
5. التحقق من سلامة الأرشيف باستخدام التوقيعات التشفيرية قبل الاستخراج
قواعد الكشف:
1. تنبيه على ملفات tar.bz2 التي تتجاوز حدود الحجم المتوقعة أثناء تثبيت المهارات
2. مراقبة أخطاء الاستخراج أو انتهاء المهلة الزمنية أثناء عمليات تثبيت المهارات
3. تتبع محاولات تثبيت المهارات الفاشلة مع استنزاف موارد النظام اللاحقة
4. وضع علامة على التثبيتات من مواقع مصدر غير قياسية أو مريبة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging of access
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Asset management and inventory
SAMA CSF PR.IP-12 - Software development and quality assurance
SAMA CSF DE.CM-1 - Detection and analysis of anomalies
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Information and other assets associated with information processing facilities
ISO 27001:2022 A.14.2.1 - Secure development policy and procedures
ISO 27001:2022 A.8.1.1 - Inventory of assets
🔗 References & Sources 3
🔗
https://github.com/openclaw/openclaw/commit/0dbb92dd2bcf9a32379d11c0f11ed016669dae3e
disclosure@vulncheck.com
Patch
🔗
https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227
disclosure@vulncheck.com
Vendor Advisory
🔗
https://www.vulncheck.com/advisories/openclaw-tar-archive-safety-bypass-in-skills-insta...
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
openclaw:openclaw