Skip to main content

Openclaw CVE-2026-32043

| EUVDEUVD-2026-13935 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-03-21 VulnCheck GHSA-3p2x-hjxj-c7rv
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

5
PoC Detected
Mar 24, 2026 - 19:10 vuln.today
Public exploit code
EUVD ID Assigned
Mar 21, 2026 - 01:00 euvd
EUVD-2026-13935
Analysis Generated
Mar 21, 2026 - 01:00 vuln.today
Patch released
Mar 21, 2026 - 01:00 nvd
Patch available
CVE Published
Mar 21, 2026 - 00:42 nvd
MEDIUM 6.5

DescriptionCVE.org

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.

AnalysisAI

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use (TOCTOU) vulnerability in the approval-bound system.run execution function where the current working directory (cwd) parameter is validated at approval time but resolved at execution time, allowing attackers with local access and limited privileges to retarget symlinked directories between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts. The vulnerability has a CVSS score of 6.5 with medium attack complexity but high integrity and availability impact, making it a notable local privilege escalation vector that requires user interaction in the approval workflow.

Technical ContextAI

The vulnerability resides in OpenClaw's approval-bound system.run execution mechanism, which is designed to enforce command execution policies by validating requested parameters before execution (CWE-367: Improper Handling of Exceptional Conditions). The cwd parameter undergoes validation at approval time to ensure it points to an authorized directory; however, the actual path resolution occurs at execution time. An attacker with local file system access can exploit this window by creating a symlink that initially points to an approved directory, obtaining approval, then modifying the symlink to point to an unauthorized directory before execution occurs. The CPE identifier cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* indicates all versions of OpenClaw prior to 2026.2.25 are affected by this race condition in path validation.

RemediationAI

Upgrade OpenClaw to version 2026.2.25 or later immediately, as a vendor patch is available and confirmed via the commit at https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db. Until patching can be completed, implement the following compensating controls: restrict local filesystem access to the OpenClaw process and approval workflow to trusted users only, enforce strict SELinux or AppArmor policies to prevent symlink traversal attacks, implement filesystem monitoring to detect suspicious symlink creation and modification patterns during approval workflows, and consider running OpenClaw in a sandboxed or containerized environment with restricted filesystem capabilities. Verify the patched version is deployed and validate that the cwd parameter validation now occurs at execution time rather than approval time.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-32043 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy