CVE-2026-32026

MEDIUM

OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox

Title source: cna

Description

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.

References (5)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49

[Patch] https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5

View Patch ZIP pw:eip

[Patch] https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351

[Patch] https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

npm/openclaw 0 - 2026.2.24npm

OpenClaw/OpenClaw < 2026.2.24

OpenClaw/OpenClaw 2026.2.24

Published Mar 19, 2026

Tracked Since Mar 20, 2026