CVE-2026-32009

Severity: High (CVSS 4.0 base score 7.0) · EPSS 3.2%
Published Mar 19, 2026 · Last Modified Mar 23, 2026

Description

OpenClaw versions prior to 2026.2.24 contain a policy bypass in the safeBins allowlist evaluation: the allowlist trusts a static set of default directories, including package-manager paths such as /opt/homebrew/bin and /usr/local/bin that package managers commonly leave writable by a non-root user or group. An attacker with write access to one of these trusted directories can place a malicious binary with the same name as an allowed executable; because the allowlist matches on the bare name and not on who controls the directory, that binary is executed with the privileges of the OpenClaw runtime, giving arbitrary command execution in its context.
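The following Python example is added here to illustrate the CWE-426 pattern the description refers to; it is not OpenClaw's code, and the names `resolve_unsafe`, `resolve_checked`, `path_is_protected`, `audit_trusted_dirs`, the `DEFAULT_TRUSTED_DIRS` list and the `SAFE_BINS` set are assumptions modelled on the advisory text. The vulnerable resolver accepts the first executable of the allowed name found under a trusted directory; the hardened resolver additionally applies the classic "secure path" rule (owner is root or the invoking user, no group/other write bit) to both the directory and the resolved file, so a binary planted in a writable package-manager directory is rejected. The demo constructs a world-writable directory with a planted `ls` and shows the two resolvers disagree.

```python
"""CWE-426 untrusted search path: vulnerable vs. checked allowlist resolution.

Added example for the CVE-2026-32009 description. All names below are
assumptions for illustration, not OpenClaw's implementation.
"""
import os
import stat
import tempfile

# Hypothetical static defaults, modelled on the directories the advisory names.
DEFAULT_TRUSTED_DIRS = ["/opt/homebrew/bin", "/usr/local/bin", "/usr/bin", "/bin"]
SAFE_BINS = {"ls", "cat", "grep"}


def resolve_unsafe(name, trusted_dirs=DEFAULT_TRUSTED_DIRS, safe_bins=SAFE_BINS):
    """Vulnerable pattern: the first executable `name` under a trusted directory
    wins, with no check on who can write to that directory."""
    if name not in safe_bins:
        return None
    for d in trusted_dirs:
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def path_is_protected(path):
    """True if `path` (symlinks followed) is owned by root or the current user
    and carries no group/other write bit, i.e. nobody else can replace it."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if st.st_uid not in (0, os.geteuid()):
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def resolve_checked(name, trusted_dirs=DEFAULT_TRUSTED_DIRS, safe_bins=SAFE_BINS):
    """Hardened pattern: accept a candidate only when both the directory and the
    resolved file are protected from other writers and the file is a regular
    executable. Only the directory and file are checked, not their ancestors."""
    if name not in safe_bins or "/" in name:
        return None
    for d in trusted_dirs:
        if not os.path.isabs(d) or not path_is_protected(d):
            continue  # others can write here: an attacker could plant `name`
        candidate = os.path.join(d, name)
        if not path_is_protected(candidate):
            continue  # file itself (or its symlink target) is replaceable
        st = os.stat(candidate)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IXUSR:
            return candidate
    return None


def audit_trusted_dirs(trusted_dirs=DEFAULT_TRUSTED_DIRS):
    """Host check: which of the default directories on this machine could
    another writer plant into? Directories that do not exist are skipped."""
    return {d: path_is_protected(d) for d in trusted_dirs if os.path.isdir(d)}


def demo():
    """Constructed scenario: a world-writable 'package manager' bin directory
    holding a planted `ls`. Returns (unsafe_result, checked_result,
    checked_result_after_tightening_the_directory)."""
    root = tempfile.mkdtemp()
    bindir = os.path.join(root, "homebrew-bin")
    os.mkdir(bindir)
    os.chmod(bindir, 0o777)  # anyone on the host can drop a file here
    planted = os.path.join(bindir, "ls")
    with open(planted, "w") as f:
        f.write("#!/bin/sh\necho pwned\n")  # constructed stand-in for a malicious binary
    os.chmod(planted, 0o755)
    dirs = [bindir]
    unsafe = resolve_unsafe("ls", dirs)      # returns the planted file
    checked = resolve_checked("ls", dirs)    # rejects it: directory is world-writable
    os.chmod(bindir, 0o755)                  # tighten the directory and retry
    fixed = resolve_checked("ls", dirs)      # now accepted
    return unsafe, checked, fixed


if __name__ == "__main__":
    print(demo())
    print(audit_trusted_dirs())
```

Running `audit_trusted_dirs()` on a developer machine reports which of the assumed default directories fail the protection rule; a Homebrew prefix owned by the login user with a group-writable bin directory is the case the advisory describes. The check deliberately follows symlinks, so an allowed name that is a link into a user-writable location is rejected as well; it does not walk parent directories, which a stricter deployment may also want to verify.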

CVSS Details

Base Score 7.0 (High)
Vector string
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector (AV) Local
Attack Complexity (AC) High
Attack Requirements (AT) Present
Privileges Required (PR) High
User Interaction (UI) None
Vulnerable System Impact (VC/VI/VA) Confidentiality High, Integrity High, Availability None
Subsequent System Impact (SC/SI/SA) None

Threat Intelligence

EPSS Exploit Probability
3.2% (estimated probability of exploitation in the wild within the next 30 days)
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses

CWE-426 Untrusted Search Path

Affected Products

Vendor: openclaw
Product: openclaw
Affected versions: * (all versions) < 2026.2.24

References

  • github.com https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins
    Third Party Advisory

Remediation

Upgrade OpenClaw to 2026.2.24 or later, which contains the fix below.

  • github.com https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a
    Patch