Skip to main content

Openclaw CVE-2026-32007

MEDIUM
Path Traversal (CWE-22)
2026-03-19 disclosure@vulncheck.com GHSA-h9xm-j4qg-fvpg
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 19, 2026 - 22:30 vuln.today
CVE Published
Mar 19, 2026 - 22:16 nvd
MEDIUM 6.8

DescriptionCVE.org

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can use apply_patch operations on writable mounts outside the workspace root to access and modify arbitrary files on the system.

AnalysisAI

OpenClaw versions before 2026.2.23 allow authenticated users with sandbox access to bypass workspace restrictions through a path traversal flaw in the apply_patch tool, enabling arbitrary file modification on the system. The vulnerability stems from inconsistent validation of mounted paths outside the workspace directory, permitting attackers to write to writable mounts beyond the intended sandbox boundaries. No patch is currently available for this MEDIUM severity issue.

Technical ContextAI

The vulnerability resides in OpenClaw's apply_patch tool, a utility designed to apply file patches within a sandboxed environment. The root cause is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'). The issue stems from inconsistent enforcement of workspace-boundary checks when processing mounted paths—specifically, the tool fails to properly validate that patch operations remain confined to the designated workspace root directory when interacting with writable mounts. This allows an attacker to construct apply_patch operations that traverse directory boundaries and access mounted filesystems outside the workspace, effectively breaking the sandbox isolation model. The affected product is OpenClaw, a collaborative development and automation platform.

RemediationAI

Immediately upgrade OpenClaw to version 2026.2.23 or later to apply the vendor's patch. The fix addresses inconsistent workspace boundary checks by enforcing stricter validation on all mounted paths before apply_patch operations are permitted. Until patching is completed, restrict sandbox access to users requiring it for essential workflows, disable the apply_patch tool if not actively used, and monitor file access logs for suspicious patch operations targeting locations outside the workspace directory. Reference the official security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-h9xm-j4qg-fvpg for detailed upgrade instructions and verification steps.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-32007 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy