CVE-2026-32013
Published: 19 March 2026
Summary
CVE-2026-32013 is a high-severity Link Following (CWE-59) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access to files, preventing symlink traversal that allows reading and writing outside the agent workspace.
Validates file path inputs to agents.files.get and agents.files.set methods, blocking symlink traversal attempts by ensuring paths stay within the agent workspace.
Limits gateway process privileges to reduce the scope of accessible host files and potential damage from symlink-based overwrites leading to code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Symlink traversal in remote file get/set methods enables exploitation of public-facing application (T1190) and arbitrary file reads from local system (T1005), with potential for code execution via overwrites.
NVD Description
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway process…
more
permissions, potentially enabling code execution through file overwrite attacks.
Deeper analysisAI
CVE-2026-32013, published on 2026-03-19, is a symlink traversal vulnerability (CWE-59) in OpenClaw versions prior to 2026.2.25. The flaw exists in the agents.files.get and agents.files.set methods, enabling unauthorized reading and writing of files outside the agent workspace by exploiting symlinked allowlisted files.
Attackers require low privileges (PR:L) to exploit this vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), earning a CVSS v3.1 base score of 8.8 (C:H/I:H/A:H/S:U). Successful exploitation allows access to arbitrary host files within the gateway process permissions, potentially enabling code execution via targeted file overwrite attacks.
Mitigation is detailed in the GitHub security advisory (GHSA-fgvx-58p6-gjwc) and the patching commit (125f4071bcbc0de32e769940d07967db47f09d3d), with further analysis in the VulnCheck advisory. Security practitioners should upgrade to OpenClaw 2026.2.25 or later to address the issue.
Details
- CWE(s)