CVE-2026-32007
Published: 19 March 2026
Summary
CVE-2026-32007 is a medium-severity Path Traversal (CWE-22) vulnerability in OpenClaw. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 21.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces consistent workspace-only access controls to prevent path traversal modifications outside the designated directory via the apply_patch tool.
- Validates path inputs to the apply_patch tool, blocking traversal sequences that exploit inconsistent checks on mounted paths.
- Enforces information flow restrictions limiting apply_patch operations to workspace boundaries, mitigating unauthorized access to external mounted paths.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in sandboxed apply_patch enables arbitrary file modification outside workspace via mounted paths, directly facilitating sandbox/container escape (T1611) and privilege escalation via vulnerability exploitation (T1068).
NVD Description
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can use apply_patch operations on writable mounts outside the workspace root to access and modify arbitrary files on the system.
Deeper analysis
CVE-2026-32007, published on 2026-03-19, is a path traversal vulnerability (CWE-22) in the experimental apply_patch tool of OpenClaw versions prior to 2026.2.23. The flaw stems from inconsistent enforcement of workspace-only checks on mounted paths, enabling attackers with sandbox access to modify files outside the designated workspace directory.
Exploitation requires network access (AV:N), low privileges such as sandbox access (PR:L), and high attack complexity (AC:H), with no user interaction needed (UI:N) and unchanged scope (S:U). Successful attacks allow modification of arbitrary files on the system via apply_patch operations on writable mounts outside the workspace root, resulting in high confidentiality and integrity impacts but no availability disruption (CVSS 6.8, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
Mitigation details are provided in the OpenClaw GitHub security advisory (GHSA-h9xm-j4qg-fvpg) and a fixing commit (6634030be31e1a1842967df046c2f2e47490e6bf), along with analysis in the Vulncheck advisory on the sandbox bypass in the apply_patch tool. Affected users should upgrade to OpenClaw 2026.2.23 or later.
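The consistent workspace-only check that the mitigations above call for, as an added illustration that is not OpenClaw's code: every path the patch tool would write is resolved (symlinks and `..` included) and must land inside the resolved workspace root, so a writable mount reachable from the workspace is rejected like any other outside path. The directory layout, `resolve_under_root` and `apply_patch` are constructed for this example.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

# Added illustration (hypothetical, not OpenClaw code): one containment
# check applied to every path a patch tool would write, mount or not.


def resolve_under_root(root: str, candidate: str) -> Optional[str]:
    """Return the resolved absolute path of `candidate` if it lies inside
    the resolved `root`, otherwise None. Both sides go through realpath so
    '..' segments and symlinks (including a symlink that points at a
    writable mount outside the root) cannot escape the workspace."""
    real_root = os.path.realpath(root)
    # join() keeps an absolute candidate as-is, so absolute inputs are
    # checked the same way as relative ones.
    real_target = os.path.realpath(os.path.join(real_root, candidate))
    # commonpath compares whole components, so '/work' is not treated as a
    # prefix of '/workspace2' the way a string startswith() would be.
    if os.path.commonpath([real_root, real_target]) != real_root:
        return None
    return real_target


def apply_patch(root: str, rel_path: str, new_text: str) -> bool:
    """Write `new_text` to `rel_path` only when it resolves inside `root`."""
    target = resolve_under_root(root, rel_path)
    if target is None:
        return False
    Path(target).write_text(new_text)
    return True


def demo() -> dict:
    """Constructed layout: a workspace plus a sibling directory standing in
    for a writable mount; the workspace holds a symlink to that mount."""
    base = tempfile.mkdtemp()
    ws = os.path.join(base, "workspace")
    mount = os.path.join(base, "mount")
    os.makedirs(ws)
    os.makedirs(mount)
    os.symlink(mount, os.path.join(ws, "data"))
    return {
        "inside": apply_patch(ws, "notes.txt", "ok"),
        "dotdot": apply_patch(ws, "../mount/x.txt", "bad"),
        "via_symlink": apply_patch(ws, "data/y.txt", "bad"),
        "absolute": apply_patch(ws, mount + "/z.txt", "bad"),
        "sibling_prefix": apply_patch(ws, "../workspace2/w.txt", "bad"),
        "mount_untouched": os.listdir(mount) == [],
    }
```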
Details
- CWE(s)