CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

16 Mar 2026, 18:00

Type          Values Removed    Values Added
First Time                      Openclaw openclaw
                                Openclaw
CPE                             cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Summary                         (es) OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, path traversal sequences, or symbolic links to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
References                      https://github.com/openclaw/openclaw/commit/d1c00dbb7c64a39e205464dae7f2a068420e91c1 - Patch
References                      https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4 - Vendor Advisory
References                      https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-include-directive-path-traversal - Third Party Advisory

11 Mar 2026, 14:16

Type          Values Removed    Values Added
New CVE

Information

Published : 2026-03-11 14:16

Updated : 2026-03-16 18:00


NVD link : CVE-2026-32061

Mitre link : CVE-2026-32061

CVE.ORG link : CVE-2026-32061



Products Affected

openclaw

  • openclaw
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')