What is the CVSS score of CVE-2026-22180?

CVE-2026-22180 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Canonical are affected by CVE-2026-22180?

CVE-2026-22180 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Canonical CVE-2026-22180

EUVD-2026-12726 MEDIUM

Improper Link Resolution Before File Access (CWE-59)

2026-03-18 VulnCheck

GHSA-3pxq-f3cp-jmxp

Authentication Bypass Canonical

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 18, 2026 - 02:30 euvd

EUVD-2026-12726

Analysis Generated

Mar 18, 2026 - 02:30 vuln.today

Patch released

Mar 18, 2026 - 02:30 nvd

Patch available

CVE Published

Mar 18, 2026 - 01:34 nvd

MEDIUM 5.3

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

4 npm packages depend on openclaw (4 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.2.

DescriptionNVD

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations.

AnalysisAI

OpenClaw prior to version 2026.3.2 allows local users with standard privileges to write files outside designated directories through insufficient path validation in the browser output handler. An attacker can exploit this path-confinement bypass to place malicious files in arbitrary filesystem locations, potentially leading to privilege escalation or system compromise.

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-49238 HIGH This Week

8.4 May 28

Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files

CVE-2026-49237 HIGH This Week

7.8 May 28

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r

CVE-2026-42790 HIGH This Week

7.6 May 27

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted ident

CVE-2026-42462 HIGH This Week

7.0 May 26

Here is the multi-source synthesis for CVE-2026-42462: ```json { "product_name": "Fedify", "summary": "Linked Data

CVE-2026-47674 MEDIUM This Month

5.3 May 28

IP restriction bypass in Hono's ip-restriction middleware (hono/ip-restriction) prior to version 4.12.21 allows unauthen

CVE-2026-22180 vulnerability details – vuln.today

Back