CVE-2026-32015

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23	Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp	Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

25 Mar 2026, 15:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.0~~	v2 : unknown v3 : 7.8

23 Mar 2026, 19:10

Type	Values Removed	Values Added
First Time		Openclaw openclaw Openclaw
CPE		cpe:2.3:a:openclaw:openclaw::::::node.js::*
References	~~() https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23 -~~	() https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23 - Patch
References	~~() https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp -~~	() https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation -~~	() https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation - Third Party Advisory
Summary		(es) Las versiones de OpenClaw 2026.1.21 anteriores a 2026.2.19 contienen una vulnerabilidad de secuestro de ruta en tools.exec.safeBins que permite a los atacantes eludir las comprobaciones de la lista de permitidos al controlar la resolución de la RUTA del proceso. Los atacantes que pueden influir en la RUTA del proceso de la pasarela o en el entorno de lanzamiento pueden ejecutar binarios troyanos con nombres en la lista de permitidos, como jq, eludiendo los controles de validación de ejecutables.

19 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-19 22:16

Updated : 2026-03-25 15:16

NVD link : CVE-2026-32015

Mitre link : CVE-2026-32015

CVE.ORG link : CVE-2026-32015

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-426

Untrusted Search Path

7.8 /10