CVE-2026-32020

MEDIUM EPSS 3.0%
Published Mar 19, 2026 (3mo ago) · Modified Mar 23, 2026 (3mo ago)
4.8 CVSS 4.0
Medium

Description

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the Control UI static file handler. The handler confines requests to the UI root by checking the requested path lexically, but then follows symbolic links when opening the file, so the confinement check can be bypassed. An attacker who can place a symlink under the Control UI root directory can point it at a file outside the root and read that file through the static handler, yielding arbitrary out-of-root file reads.

CVSS Details

Base Score
4.8
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector (AV) Local
Attack Complexity (AC) Low
Attack Requirements (AT) None
Privileges Required (PR) Low
User Interaction (UI) None
Vulnerable System Confidentiality (VC) Low
Vulnerable System Integrity (VI) None
Vulnerable System Availability (VA) None
Subsequent System Confidentiality / Integrity / Availability (SC / SI / SA) None

Threat Intelligence

EPSS Exploit Probability
3.0% (probability of exploitation activity in the next 30 days)
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 Improper Link Resolution Before File Access ('Link Following')

Affected Products 1

Vendor openclaw
Product openclaw
Version *
Range <2026.2.22

References 3

  • github.com https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-symlink-following-in-static-file-handler
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5
    Patch