CVE-2026-32026 · HIGH 8.6 · EPSS p26.1%

Description

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling: the check on media references accepts absolute paths that lie under the host temporary directory even when they fall outside the active sandbox root. An attacker who can supply a media reference can therefore point it at arbitrary files in the host temporary directory and have them read and exfiltrated through attachment delivery.
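The following is an added example, not OpenClaw's own code and not taken from the referenced commits. It models the class of check the description points at: a "vulnerable" resolver that treats the host temp directory as a trusted boundary beside a hardened resolver that only accepts paths inside the active sandbox root, plus a canonicalising variant that closes the symlink gap a purely lexical check leaves open. The paths `/tmp`, `/tmp/sandbox-abc123`, the function names and the sample references are all assumptions chosen for illustration.

```typescript
import * as path from "node:path";
import * as fs from "node:fs";

// POSIX path semantics so the example behaves identically on every host.
const p = path.posix;

// Assumed layout (hypothetical, not OpenClaw's real paths): the host temp
// directory is /tmp and the active sandbox root is one subdirectory of it.
const HOST_TMP = "/tmp";
const SANDBOX_ROOT = "/tmp/sandbox-abc123";

// True when `candidate` is `root` itself or lies strictly inside it.
// path.relative is used instead of string prefix matching, so the sibling
// directory /tmp/sandbox-abc123-evil is correctly treated as outside.
function isInside(root: string, candidate: string): boolean {
  const rel = p.relative(root, candidate);
  return rel === "" || (rel !== ".." && !rel.startsWith(".." + p.sep) && !p.isAbsolute(rel));
}

// Lexical resolution of a media reference: relative refs are joined to the
// sandbox root, absolute refs are only normalised (".." segments collapsed).
function lexicalResolve(ref: string): string {
  return p.isAbsolute(ref) ? p.normalize(ref) : p.resolve(SANDBOX_ROOT, ref);
}

// Vulnerable check, modelled on the advisory text (CWE-22): an absolute
// reference is accepted as long as it sits anywhere under the host temp
// directory, so /tmp/other-session/secret.png passes although it is outside
// SANDBOX_ROOT.
function resolveMediaPathVulnerable(ref: string): string | null {
  const resolved = lexicalResolve(ref);
  if (isInside(SANDBOX_ROOT, resolved)) return resolved;
  if (p.isAbsolute(ref) && isInside(HOST_TMP, resolved)) return resolved; // the flaw
  return null;
}

// Hardened check: whatever form the reference takes, the resolved path must
// lie inside the active sandbox root. The host temp directory is not a boundary.
function resolveMediaPathFixed(ref: string): string | null {
  const resolved = lexicalResolve(ref);
  return isInside(SANDBOX_ROOT, resolved) ? resolved : null;
}

// Symlink caveat: a lexical check accepts /tmp/sandbox-abc123/link.png even
// when link.png is a symlink to /tmp/other/secret.png. Canonicalise the path
// and re-check the canonical form. `canonicalize` is injectable so the example
// can be exercised without touching the real filesystem.
function resolveMediaPathCanonical(
  ref: string,
  canonicalize: (file: string) => string = (file) => fs.realpathSync(file),
): string | null {
  const lexical = resolveMediaPathFixed(ref);
  if (lexical === null) return null;
  const real = canonicalize(lexical);
  return isInside(SANDBOX_ROOT, real) ? real : null;
}

// Constructed sample references (not taken from any real report).
const SAMPLE_REFS = [
  "cat.png",                            // ordinary relative reference
  "../other-session/secret.png",        // relative traversal
  "/tmp/other-session/secret.png",      // absolute, under host tmp, outside sandbox
  "/tmp/sandbox-abc123-evil/x.png",     // sibling directory sharing a prefix
  "/tmp/sandbox-abc123/../other/x.png", // absolute path that traverses out
  "/etc/passwd",                        // absolute path outside host tmp
];

type CheckResult = { vulnerable: string | null; fixed: string | null };

// Runs both resolvers over the samples; null means "rejected".
function compareChecks(): Record<string, CheckResult> {
  const out: Record<string, CheckResult> = {};
  for (const ref of SAMPLE_REFS) {
    out[ref] = { vulnerable: resolveMediaPathVulnerable(ref), fixed: resolveMediaPathFixed(ref) };
  }
  return out;
}

console.table(compareChecks());
```

The three absolute references under `/tmp` are exactly the ones the vulnerable resolver lets through and the hardened one rejects; `/etc/passwd` and the relative traversal are rejected by both, which matches the description's scope (files under the host temporary directory, not arbitrary host files). In a real deployment the canonicalising variant should be the one used, since a sandbox that can create symlinks inside its own root can otherwise point a lexically valid path at any file the host process can read.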

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.34% probability of exploitation · percentile 26.1% · 2026-06-19T12:03:05Z
Published: 2026-03-19
Last modified: 2026-03-23

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351
  2. https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5
  3. https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e
  4. https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49
  5. https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox

Mapped weaknesses · 1

Type      Target                                                                            Confidence  Tier
Weakness  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-22  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2026-32060
  - CVE-2026-33581
  - CVE-2026-32055
  - CVE-2026-28462
  - CVE-2026-32046
  - CVE-2026-41296
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.