CVE-2026-32036

HIGH EPSS 34.6%
Published Mar 19, 2026 · Modified Jun 17, 2026
8.3 CVSS 4.0
High

Description

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Because the authentication check is applied to the path as received while the handler normalizes it afterwards, an attacker can craft an alternate, encoded form of a protected plugin channel route that is not recognized by the check but still resolves to the protected route after normalization, circumventing the security control.

CVSS Details

Base Score
8.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
34.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

  • CWE-22 Path Traversal (Resource Management)
  • CWE-289 Authentication Bypass by Alternate Name

Affected Products 1

Vendor     Product    Version    Range
openclaw   openclaw   *          <2026.2.6

References 3

  • github.com https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0
    Patch