CVE-2026-32009

OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation: it trusts a static list of default directories, including package-manager paths such as /opt/homebrew/bin and /usr/local/bin that are commonly writable by an unprivileged user (on a standard Homebrew installation the prefix is owned by the installing user, not root). An attacker with write access to one of these trusted directories can place a malicious binary with the same name as an allowed executable, and the allowlist will accept it, yielding arbitrary command execution within the OpenClaw runtime context. The practical check is whether each trusted directory is actually owned by root (or the expected account) and is neither group- nor world-writable; a directory that fails that check cannot anchor an allowlist.
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

23 Mar 2026, 18:33

Type          Values Removed   Values Added
First Time                     Openclaw openclaw
                               Openclaw
CPE                            cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
References                     https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a (Patch)
References                     https://github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2 (Vendor Advisory)
References                     https://www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins (Third Party Advisory)
Summary
  • (es, translated from Spanish) OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation, which trusts static default directories, including writable package-manager paths such as /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.

19 Mar 2026, 22:16

Type          Values Removed   Values Added
New CVE

Information

Published : 2026-03-19 22:16

Updated : 2026-03-23 18:33


NVD link : CVE-2026-32009

Mitre link : CVE-2026-32009

CVE.ORG link : CVE-2026-32009


Products Affected

openclaw (vendor)
  • openclaw
CWE
CWE-426

Untrusted Search Path