CVE-2026-32036

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0	Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj	Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

23 Mar 2026, 17:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:openclaw:openclaw::::::node.js::*
CWE		CWE-22
References	~~() https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0 -~~	() https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0 - Patch
References	~~() https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj -~~	() https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels -~~	() https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels - Third Party Advisory
First Time		Openclaw openclaw Openclaw
Summary		(es) Las versiones del plugin de pasarela OpenClaw anteriores a la 2026.2.26 contienen una vulnerabilidad de salto de ruta que permite a atacantes remotos eludir las comprobaciones de autenticación de ruta manipulando las rutas /api/channels con secuencias de salto de segmento de punto codificadas. Los atacantes pueden elaborar rutas alternativas utilizando patrones de salto codificados para acceder a rutas de canales de plugin protegidas cuando los manejadores normalizan la ruta entrante, eludiendo los controles de seguridad.

19 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-19 22:16

Updated : 2026-03-23 17:12

NVD link : CVE-2026-32036

Mitre link : CVE-2026-32036

CVE.ORG link : CVE-2026-32036

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-289

Authentication Bypass by Alternate Name

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10