Cyber Resilience

CVE-2026-32007

Severity: High · Public PoC available

Published: 19 March 2026
Modified: 24 March 2026
KEV Added: not listed
Patch: available (OpenClaw 2026.2.23 or later)
CVSS v4.0 score: 7.6 (High), vector CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS score: 0.0036 (28.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32007 is a high-severity Path Traversal (CWE-22) vulnerability in OpenClaw (CPE vendor/product: openclaw/openclaw). Its CVSS v4.0 base score is 7.6 (High); the CVSS v3.1 score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 28.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-32007, published on 2026-03-19, is a path traversal vulnerability (CWE-22) in the experimental apply_patch tool of OpenClaw versions prior to 2026.2.23. The flaw stems from inconsistent enforcement of workspace-only checks on mounted paths, enabling attackers with sandbox access to modify files outside the designated workspace directory.

In CVSS v3.1 terms, exploitation requires network access (AV:N), low privileges such as sandbox access (PR:L) and high attack complexity (AC:H), with no user interaction needed (UI:N) and unchanged scope (S:U). Successful attacks allow modification of arbitrary files on the system via apply_patch operations on writable mounts outside the workspace root, resulting in high confidentiality and integrity impacts but no availability disruption (CVSS v3.1 6.8, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). The v4.0 vector additionally records AT:P (attack requirements present): a deployment condition outside the attacker's control, here a writable mount outside the workspace, must hold for the attack to succeed.

Mitigation details are provided in the OpenClaw GitHub security advisory (GHSA-h9xm-j4qg-fvpg) and the fixing commit (6634030be31e1a1842967df046c2f2e47490e6bf); VulnCheck also published an advisory analysing the sandbox bypass in the apply_patch tool. Affected users should upgrade to OpenClaw 2026.2.23 or later.
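To make the flaw class concrete, the following is an added example (not OpenClaw's code, and not the fixing commit): a workspace-containment check for a patch-apply tool written twice, first in the weak form the advisory describes (the workspace-only check is enforced for the workspace root but paths that land on a writable mount slip past it), then in a hardened form that resolves symlinks and requires the real target to sit under the real workspace root regardless of mounts. `SandboxConfig`, `weak_resolve`, `safe_resolve` and the temp-directory layout in `demo()` are all assumptions for illustration.

```python
"""Added example: weak vs. hardened workspace containment for a patch-apply tool.
Names, config shape and directory layout are assumptions, not OpenClaw's."""
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class SandboxConfig:
    """Hypothetical sandbox description: a workspace root plus extra host
    directories mounted writable into the sandbox."""
    workspace_root: str
    writable_mounts: list = field(default_factory=list)


def weak_resolve(cfg: SandboxConfig, target: str) -> str:
    """Weak pattern (the inconsistency class the advisory describes):
    the workspace-only check is applied against the workspace root, but a
    path that normalises onto a writable mount is accepted without it.
    Symlinks are not resolved either, so a link inside the workspace that
    points outside is also accepted."""
    candidate = os.path.normpath(os.path.join(cfg.workspace_root, target))
    if candidate.startswith(cfg.workspace_root.rstrip(os.sep) + os.sep):
        return candidate
    for mount in cfg.writable_mounts:
        if candidate.startswith(mount.rstrip(os.sep) + os.sep):
            return candidate  # traversal onto a mount bypasses the workspace check
    raise PermissionError(f"outside workspace: {target}")


def safe_resolve(cfg: SandboxConfig, target: str) -> str:
    """Hardened: reject absolute targets, resolve symlinks on both the root
    and the candidate, and require the real candidate to be strictly inside
    the real workspace root. Writable mounts never widen the allowed set."""
    if os.path.isabs(target):
        raise PermissionError(f"absolute path rejected: {target}")
    root = os.path.realpath(cfg.workspace_root)
    candidate = os.path.realpath(os.path.join(root, target))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"outside workspace: {target}")
    return candidate


def allowed(resolver, cfg: SandboxConfig, target: str) -> bool:
    """True if the resolver accepts the target, False if it raises PermissionError."""
    try:
        resolver(cfg, target)
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Run both checks against a constructed layout in a temp dir: a workspace,
    a writable mount outside it, and a symlink inside the workspace pointing
    at the mount. Returns {target_name: (weak_allows, safe_allows)}."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = os.path.join(tmp, "workspace")
        mount = os.path.join(tmp, "mnt", "secrets")  # constructed "writable mount"
        os.makedirs(ws)
        os.makedirs(mount)
        os.symlink(mount, os.path.join(ws, "escape"))
        cfg = SandboxConfig(workspace_root=ws, writable_mounts=[mount])
        targets = {
            "in_workspace": "src/app.py",
            "dotdot_to_mount": "../mnt/secrets/id_rsa",
            "symlink_to_mount": "escape/id_rsa",
            "absolute": os.path.join(mount, "id_rsa"),
        }
        return {
            name: (allowed(weak_resolve, cfg, t), allowed(safe_resolve, cfg, t))
            for name, t in targets.items()
        }


if __name__ == "__main__":
    for name, (weak_ok, safe_ok) in demo().items():
        print(f"{name:18} weak={'ALLOW' if weak_ok else 'deny':5} safe={'ALLOW' if safe_ok else 'deny'}")
```

The point of `demo()` is the three rows where the weak check allows and the hardened one denies: a `..` walk onto the mount, a symlink inside the workspace that lands on the mount, and an absolute path. The hardened check deliberately ignores `writable_mounts`: whether a directory is writable from inside the sandbox is a separate question from whether the patch tool may touch it, and conflating the two is exactly what produces this bug class.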


Vulnerability details

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can use apply_patch operations on writable mounts outside the workspace root to access and modify arbitrary files on the system.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

Path traversal in the sandboxed apply_patch tool enables arbitrary file modification outside the workspace via mounted paths, which directly supports sandbox/container escape (T1611) and privilege escalation through vulnerability exploitation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27523 (same product: OpenClaw)
CVE-2026-32060 (same product: OpenClaw)
CVE-2026-28393 (same product: OpenClaw)
CVE-2026-28457 (same product: OpenClaw)
CVE-2026-28462 (same product: OpenClaw)
CVE-2026-22171 (same product: OpenClaw)
CVE-2026-33581 (same product: OpenClaw)
CVE-2026-32055 (same product: OpenClaw)
CVE-2026-28482 (same product: OpenClaw)
CVE-2026-32026 (same product: OpenClaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: < 2026.2.23 (fixed in 2026.2.23)

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

AC-3 Access Enforcement (prevent)
Enforces consistent workspace-only access controls to prevent path traversal modifications outside the designated directory via the apply_patch tool.

SI-10 Information Input Validation (prevent)
Validates path inputs to the apply_patch tool, blocking traversal sequences that exploit inconsistent checks on mounted paths.

Information flow enforcement (prevent)
Enforces information flow restrictions limiting apply_patch operations to workspace boundaries, mitigating unauthorized access to external mounted paths.
