CVE-2026-32009
Severity: MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Description
OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.
Analysis
Arbitrary command execution in OpenClaw prior to version 2026.2.24 results from improper validation of binaries in package manager directories that are included in the safeBins allowlist. An attacker with write access to trusted paths such as /opt/homebrew/bin or /usr/local/bin can plant a malicious binary to achieve code execution within the OpenClaw runtime. …
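The root cause in the description and analysis above is a lookup that treats a directory as safe because of its name rather than because of who can write to it. The following is an added illustration, written for this page and not OpenClaw's own code, of how a safeBins-style lookup can fail closed: it resolves the allowlisted name in PATH order, then refuses it unless the directory, the binary and the binary's real parent directory are owned by a trusted uid and are not group- or world-writable. Names such as resolve_safe_bin, UnsafeBinary and the temp-directory layout in demo() are assumptions made for the example; the demo trusts the current uid only because it cannot create root-owned files, whereas a real deployment should keep the default of root only.

```python
"""Hardened safeBins-style lookup. Added illustration, not OpenClaw's code.

An allowlisted command name is resolved against an ordered list of
"trusted" directories the way a PATH search would, and then refused
unless the directory, the binary and the binary's real parent directory
are owned by a trusted uid and are not writable by group or others.
"""
import os
import stat
import tempfile

# Assumption: the static defaults the advisory describes. The first two are
# routinely owned by an unprivileged user on macOS, which is the problem.
DEFAULT_SAFE_DIRS = ["/opt/homebrew/bin", "/usr/local/bin", "/usr/bin", "/bin"]


class UnsafeBinary(Exception):
    """An allowlisted name resolved to something that must not be trusted."""


def _check_owner_and_mode(path, trusted_uids, what):
    """Reject `path` unless a trusted uid owns it and only the owner can write it."""
    st = os.stat(path)  # follows symlinks: the real object is what gets executed
    if st.st_uid not in trusted_uids:
        raise UnsafeBinary(f"{what} {path} owned by uid {st.st_uid}, not a trusted uid")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeBinary(
            f"{what} {path} is group/world writable (mode {oct(st.st_mode & 0o777)})")


def resolve_safe_bin(name, safe_dirs=DEFAULT_SAFE_DIRS, trusted_uids=frozenset({0})):
    """Return the real path of `name` if it is safe to execute, else raise UnsafeBinary.

    trusted_uids defaults to root only: anything a non-root user owns is
    treated as attacker-writable even when its mode bits look tidy.
    """
    if not name or "/" in name or name in (".", ".."):
        raise UnsafeBinary(f"refusing non-basename command {name!r}")
    for d in safe_dirs:
        candidate = os.path.join(d, name)
        if not os.path.lexists(candidate):
            continue
        # First hit wins, exactly as PATH resolution would pick it. A file
        # planted in an earlier, writable directory shadows the genuine one,
        # so fail closed here rather than skipping to the next directory.
        _check_owner_and_mode(d, trusted_uids, "directory")
        real = os.path.realpath(candidate)
        if not os.path.isfile(real):
            raise UnsafeBinary(f"{candidate} does not resolve to a regular file")
        # Symlink farms (Homebrew, /usr/local/bin) point elsewhere: check the
        # target's own directory too, or the link target can be swapped out.
        _check_owner_and_mode(os.path.dirname(real), trusted_uids, "directory")
        _check_owner_and_mode(real, trusted_uids, "binary")
        if not os.access(real, os.X_OK):
            raise UnsafeBinary(f"{real} is not executable")
        return real
    raise UnsafeBinary(f"{name!r} not found in any trusted directory")


def demo():
    """Constructed scenario: two fake trusted dirs under a temp root, each
    holding a 'git'. One is owner-only writable; the other is world-writable,
    standing in for a package-manager bin directory anyone can drop files into."""
    root = tempfile.mkdtemp()
    me = os.getuid()  # demo only: production should keep trusted_uids={0}
    good = os.path.join(root, "usr-bin")
    bad = os.path.join(root, "homebrew-bin")
    for d in (good, bad):
        os.mkdir(d)
        os.chmod(d, 0o755)
        script = os.path.join(d, "git")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\necho constructed-fake-git\n")
        os.chmod(script, 0o755)
    os.chmod(bad, 0o777)  # anyone can now plant or replace 'git' here

    results = {}
    for label, dirs in (("good", [good]), ("world_writable_dir", [bad]),
                        ("shadowed", [bad, good])):
        try:
            results[label] = resolve_safe_bin("git", dirs, trusted_uids={me})
        except UnsafeBinary as exc:
            results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The "shadowed" case is the one the advisory describes: the writable directory comes first in the search order, so the planted `git` is what would actually run, and the lookup must reject it rather than quietly move on to the genuine copy further down the list.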
Remediation
Within 30 days: identify systems running OpenClaw older than 2026.2.24 and upgrade them to 2026.2.24 or later as part of the regular patch cycle. Until the upgrade is applied, verify that the directories OpenClaw treats as trusted (the static defaults include /opt/homebrew/bin and /usr/local/bin) and the allowlisted binaries inside them are not writable by unprivileged accounts, and audit those directories for unexpected executables that share a name with an allowed command.
External POC / Exploit Code
GHSA-5gj7-jf77-q2q2