CVE-2026-32043

MEDIUM

OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter

Title source: cna

Description

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.

References (3)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc

[Patch] https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

Details

CWE

CWE-367

Status published

Products (4)

npm/openclaw 0 - 2026.2.25npm

OpenClaw/OpenClaw < 2026.2.25

openclaw/openclaw < 2026.2.25

OpenClaw/OpenClaw 2026.2.25

Published Mar 21, 2026

Tracked Since Mar 21, 2026