CVE-2026-32020

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root.
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

23 Mar 2026, 18:13

Type | Values Removed | Values Added
CWE | | CWE-22
Summary | | (es) OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing file reads outside the root directory. Attackers can place symbolic links under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root.
First Time | | Openclaw openclaw
First Time | | Openclaw
CPE | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
References | () https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5 - | () https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5 - Patch
References | () https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf - | () https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf - Vendor Advisory
References | () https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-symlink-following-in-static-file-handler - | () https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-symlink-following-in-static-file-handler - Third Party Advisory

19 Mar 2026, 22:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-03-19 22:16

Updated : 2026-03-23 18:13


NVD link : CVE-2026-32020

Mitre link : CVE-2026-32020

CVE.ORG link : CVE-2026-32020


Products Affected

openclaw

  • openclaw
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')