CVE-2026-31990
Published: 19 March 2026
Summary
CVE-2026-31990 is a medium-severity Link Following (CWE-59: Improper Link Resolution Before File Access) vulnerability in OpenClaw (vendor Openclaw, product Openclaw). Its CVSS v3.1 base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). It is ranked at the 9.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of destination paths in the media/inbound directory during stageSandboxMedia operations, checking the entry itself rather than what it points to (lstat, not stat, or O_NOFOLLOW on open), so that symlink traversal and writes outside the sandbox are refused.
- AC-4 (Information Flow Enforcement): enforces approved information flows so that media staging writes are confined strictly within sandbox boundaries, blocking symlink-based escapes to the host system.
- SI-2 (Flaw Remediation): mandates timely remediation of the specific flaw in stageSandboxMedia by patching to OpenClaw 2026.3.2 or later, which directly eliminates the symlink validation failure.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Symlink traversal in sandbox media staging lets a write escape the workspace onto the host filesystem (Escape to Host, T1611) and directly supports Stored Data Manipulation (T1565.001), since the escaped write overwrites host files the attacker chooses.
NVD Description
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries.
Deeper analysis
CVE-2026-31990 is a symlink traversal vulnerability (CWE-59: Improper Link Resolution Before File Access) affecting OpenClaw versions prior to 2026.3.2. The issue lies in the stageSandboxMedia function, which fails to validate destination symlinks during media staging. This flaw allows writes to follow symlinks outside the intended sandbox workspace, potentially enabling unauthorized file modifications on the host system. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L), indicating medium severity with high integrity impact.
A local attacker with low privileges can exploit this vulnerability by placing symbolic links in the media/inbound directory. Successful exploitation allows the attacker to overwrite arbitrary files on the host system beyond sandbox boundaries during media staging operations, compromising file integrity without requiring user interaction or elevated privileges.
Mitigation is available via the fix in OpenClaw commit 17ede52a4be3034f6ec4b883ac6b81ad0101558a (https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a), which corrects the symlink handling present in versions prior to 2026.3.2. Additional guidance appears in the GitHub security advisory GHSA-cfvj-7rx7-fc7c (https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c) and the Vulncheck advisory (https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination). Practitioners should update to OpenClaw 2026.3.2 or later and, until then, review media/inbound directories for pre-existing symlinks (both symlinked files and a symlinked directory in the path), since any link already planted there will be followed by the unpatched staging code.
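The failure described above and the checks that close it, as an added example written for this page. It is not OpenClaw's code and the functions shown are hypothetical stand-ins for stageSandboxMedia, not the project's implementation: makeLab, isContained, stageMediaVulnerable, stageMediaHardened and demo, the temporary workspace layout and the planted symlink are all constructed for the example. It assumes Node.js on a POSIX system (O_NOFOLLOW is not available on Windows) and goes one step beyond the advisory's own scenario by also covering the case where the media/inbound directory itself is a symlink to a location outside the workspace.

```typescript
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Constructed lab layout for this example (not OpenClaw's real tree):
//   <root>/host-config.json          a file on the host, outside the sandbox
//   <root>/workspace/media/inbound   the directory the staging step writes into
export interface Lab { root: string; workspace: string; inbound: string; hostTarget: string; }

export function makeLab(): Lab {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "cve-2026-31990-"));
  const workspace = path.join(root, "workspace");
  const inbound = path.join(workspace, "media", "inbound");
  fs.mkdirSync(inbound, { recursive: true });
  const hostTarget = path.join(root, "host-config.json");
  fs.writeFileSync(hostTarget, '{"untouched":true}\n');
  // Attacker step: plant a symlink in media/inbound under the name the staged file will get.
  fs.symlinkSync(hostTarget, path.join(inbound, "photo.jpg"));
  return { root, workspace, inbound, hostTarget };
}

// Pure containment check: is realParent equal to or below realWorkspace?
// Both arguments must already be realpath()-resolved, or a symlinked directory slips through.
export function isContained(realParent: string, realWorkspace: string): boolean {
  return realParent === realWorkspace || realParent.startsWith(realWorkspace + path.sep);
}

// Vulnerable pattern (hypothetical stand-in for the pre-2026.3.2 behaviour the advisory
// describes): the write goes to whatever the name resolves to, so a planted symlink
// redirects it to an arbitrary host file.
export function stageMediaVulnerable(inbound: string, name: string, data: Buffer): string {
  const dest = path.join(inbound, path.basename(name));
  fs.writeFileSync(dest, data); // flag "w" = O_CREAT|O_TRUNC, follows symlinks
  return dest;
}

// Hardened pattern: resolve the parent directory and confirm it is inside the workspace,
// inspect the destination with lstat (stat would follow the link and report a regular file),
// and create the file with O_EXCL|O_NOFOLLOW so a link raced in after the check still fails.
export function stageMediaHardened(workspace: string, inbound: string, name: string, data: Buffer): string {
  const dest = path.join(inbound, path.basename(name));
  const realParent = fs.realpathSync(path.dirname(dest));
  const realWorkspace = fs.realpathSync(workspace);
  if (!isContained(realParent, realWorkspace)) {
    throw new Error(`destination parent ${realParent} is outside workspace ${realWorkspace}`);
  }
  let existing: fs.Stats | null = null;
  try {
    existing = fs.lstatSync(dest);
  } catch (e: any) {
    if (e.code !== "ENOENT") throw e; // only "does not exist yet" is acceptable
  }
  if (existing) {
    throw new Error(existing.isSymbolicLink()
      ? `refusing to write through symlink ${dest}`
      : `refusing to overwrite existing entry ${dest}`);
  }
  // O_NOFOLLOW is undefined on Windows; O_EXCL still refuses an existing symlink there.
  const flags = fs.constants.O_WRONLY | fs.constants.O_CREAT | fs.constants.O_EXCL | (fs.constants.O_NOFOLLOW ?? 0);
  const fd = fs.openSync(dest, flags, 0o600);
  try { fs.writeSync(fd, data); } finally { fs.closeSync(fd); }
  return dest;
}

export interface DemoResult {
  vulnerableOverwroteHost: boolean;   // scenario 1, unpatched pattern
  hardenedRefusedSymlink: boolean;    // scenario 1, hardened pattern
  hostIntactAfterHardened: boolean;
  hardenedStagedCleanFile: boolean;   // legitimate upload still works
  hardenedRefusedSymlinkedDir: boolean; // scenario 2, symlinked media/inbound
}

export function demo(): DemoResult {
  const payload = Buffer.from('{"pwned":true}\n');
  const original = '{"untouched":true}\n';
  const lab = makeLab();
  try {
    // Scenario 1: symlink planted under the staged file name.
    stageMediaVulnerable(lab.inbound, "photo.jpg", payload);
    const vulnerableOverwroteHost = fs.readFileSync(lab.hostTarget, "utf8") === payload.toString();
    fs.writeFileSync(lab.hostTarget, original); // restore before the hardened attempt
    let hardenedRefusedSymlink = false;
    try { stageMediaHardened(lab.workspace, lab.inbound, "photo.jpg", payload); }
    catch { hardenedRefusedSymlink = true; }
    const hostIntactAfterHardened = fs.readFileSync(lab.hostTarget, "utf8") === original;
    const staged = stageMediaHardened(lab.workspace, lab.inbound, "clean.jpg", payload);
    const hardenedStagedCleanFile = staged.startsWith(lab.inbound) && fs.readFileSync(staged).equals(payload);

    // Scenario 2: media/inbound itself replaced by a symlink to a directory outside the
    // workspace. O_EXCL alone would not catch this; the realpath containment check does.
    const outside = path.join(lab.root, "outside");
    fs.mkdirSync(outside);
    fs.rmSync(lab.inbound, { recursive: true, force: true });
    fs.symlinkSync(outside, lab.inbound);
    let hardenedRefusedSymlinkedDir = false;
    try { stageMediaHardened(lab.workspace, lab.inbound, "photo.jpg", payload); }
    catch { hardenedRefusedSymlinkedDir = true; }
    return { vulnerableOverwroteHost, hardenedRefusedSymlink, hostIntactAfterHardened,
             hardenedStagedCleanFile, hardenedRefusedSymlinkedDir };
  } finally {
    fs.rmSync(lab.root, { recursive: true, force: true });
  }
}
```

The order of the checks matters: realpath on the parent defeats a symlinked directory, lstat on the final component gives a clear error for a planted link, and O_EXCL|O_NOFOLLOW on the actual open is what holds under a race, because a link created between the lstat and the open still makes the open fail with EEXIST or ELOOP. For the interim review the analysis above recommends, the equivalent audit is to list symbolic links under the inbound directory (for example `find media/inbound -type l` on a POSIX host) and to confirm that media/inbound and its parents are real directories rather than links.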
Details
- CWE(s)