CVE-2026-32055HIGH 8.2EPSS p23.8%

CVE-2026-32055CVE-2026-32055

Description

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS0.32% probability of exploitation · percentile 23.8% · 2026-06-19T12:03:05Z
Published2026-03-21
Last modified2026-03-23

Underlying weaknesses· 1

CWE-22

References

  1. https://github.com/openclaw/openclaw/commit/1aef45bc060b28a0af45a67dc66acd36aef763c9
  2. https://github.com/openclaw/openclaw/commit/46eba86b45e9db05b7b792e914c4fe0de1b40a23
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5
  4. https://www.vulncheck.com/advisories/openclaw-workspace-path-boundary-bypass-via-non-existent-symlink

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-32060
CVE
CVE-2026-32007
CVE
CVE-2026-32026
CVE
CVE-2026-41397
CVE
CVE-2026-28453
CVE
CVE-2026-32013
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.