Openclaw
CVE-2026-32017
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.
AnalysisAI
OpenClaw versions before 2026.2.19 allow authenticated attackers to bypass the exec safeBins policy and write arbitrary files by injecting short-option flags into whitelisted binary commands. An attacker with login credentials can exploit this allowlist bypass to perform unauthorized file-write operations that should be blocked by the safeBins security controls. No patch is currently available for this medium-severity vulnerability.
Technical ContextAI
OpenClaw implements a safeBins execution policy designed to restrict which binaries can be executed and what file operations they can perform, functioning as a command execution allowlist mechanism. The vulnerability stems from improper argument validation in this policy enforcement—specifically, the safeBins checker fails to properly parse and validate short-option flags (e.g., -o for output file specification) when attached to whitelisted binaries. This is classified as CWE-184 (Incomplete List of Disallowed Inputs), a variant of allowlist bypass where the validation logic does not account for all possible input formats that can achieve the same malicious outcome. By exploiting shell option syntax, an attacker can redirect command output to arbitrary file paths, effectively bypassing the intended safeBins restrictions that should prevent unauthorized file-write operations.
RemediationAI
Upgrade OpenClaw to version 2026.2.19 or later immediately to obtain the patched version that properly validates short-option arguments in the exec safeBins policy. The patches have been committed to the main repository and are available via https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754, https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc, and https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13. Until patching is completed, restrict network access to OpenClaw to trusted administrative users only, disable execution of binaries known to support output redirection via short options, and audit command execution logs for attempts to use short-option flags with whitelisted binaries. Review the security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98 for additional context and mitigation strategies.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-184 – Incomplete List of Disallowed Inputs
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-3x3x-h76w-hp98