CVE-2026-32015
HIGH
GHSA-g75x-8qqm-2vxp
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.
Analysis
OpenClaw versions before 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows local attackers with process environment control to execute arbitrary binaries by spoofing allowlisted tool names like jq. An attacker who can manipulate the gateway process PATH can bypass executable validation controls and achieve code execution with the privileges of the affected process. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw deployments and identify systems running vulnerable versions 2026.1.21-2026.2.18; immediately restrict gateway process execution privileges and isolate affected systems from production traffic where possible. Within 7 days: Implement PATH environment variable hardening on all gateway servers by removing user-writable directories and enforcing absolute binary paths; enable enhanced logging and monitoring of process execution. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today