CVE-2026-32015

HIGH EPSS 2.8%
Published Mar 19, 20263mo ago · Modified Mar 25, 20263mo ago
7.3 CVSS 4.0
High
Find Similar
Published Mar 19, 2026 3mo ago
Last Modified Mar 25, 2026 3mo ago

Description

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.

CVSS Details

Base Score
7.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-426

Affected Products 1

VendorProductVersionRange
openclawopenclaw*≥2026.1.21  –  <2026.2.19

References 3

  • github.com https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23
    Patch