Skip to main content

Openclaw CVE-2026-32017

MEDIUM
Incomplete List of Disallowed Inputs (CWE-184)
2026-03-19 disclosure@vulncheck.com GHSA-3x3x-h76w-hp98
6.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 19, 2026 - 22:30 vuln.today
CVE Published
Mar 19, 2026 - 22:16 nvd
MEDIUM 6.0

DescriptionCVE.org

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.

AnalysisAI

OpenClaw versions before 2026.2.19 allow authenticated attackers to bypass the exec safeBins policy and write arbitrary files by injecting short-option flags into whitelisted binary commands. An attacker with login credentials can exploit this allowlist bypass to perform unauthorized file-write operations that should be blocked by the safeBins security controls. No patch is currently available for this medium-severity vulnerability.

Technical ContextAI

OpenClaw implements a safeBins execution policy designed to restrict which binaries can be executed and what file operations they can perform, functioning as a command execution allowlist mechanism. The vulnerability stems from improper argument validation in this policy enforcement—specifically, the safeBins checker fails to properly parse and validate short-option flags (e.g., -o for output file specification) when attached to whitelisted binaries. This is classified as CWE-184 (Incomplete List of Disallowed Inputs), a variant of allowlist bypass where the validation logic does not account for all possible input formats that can achieve the same malicious outcome. By exploiting shell option syntax, an attacker can redirect command output to arbitrary file paths, effectively bypassing the intended safeBins restrictions that should prevent unauthorized file-write operations.

RemediationAI

Upgrade OpenClaw to version 2026.2.19 or later immediately to obtain the patched version that properly validates short-option arguments in the exec safeBins policy. The patches have been committed to the main repository and are available via https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754, https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc, and https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13. Until patching is completed, restrict network access to OpenClaw to trusted administrative users only, disable execution of binaries known to support output redirection via short options, and audit command execution logs for attempts to use short-option flags with whitelisted binaries. Review the security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98 for additional context and mitigation strategies.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-32017 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy