CVE-2026-32016

HighPublic PoCLPE

Published: 19 March 2026

Published

19 March 2026

Modified

25 March 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 3.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32016 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Match Legitimate Resource Name or Location (T1036.005); ranked at the 3.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Match Legitimate Resource Name or Location (T1036.005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of the specific path validation bypass flaw in OpenClaw via patching to version 2026.2.22 or later.

CM-10 Software Usage Restrictions good match

prevent

Enforces deny-all, permit-by-exception policies for software execution, preventing unauthorized binaries from running despite basename-only allowlist bypasses in tools like OpenClaw.

CM-11 User-installed Software partial match

preventdetect

Monitors and controls user-installed software, detecting or blocking the placement and execution of malicious binaries like the attacker's same-name ./echo in unauthorized paths.

MITRE ATT&CK Enterprise TechniquesAI

T1036.005 Match Legitimate Resource Name or Location Stealth

Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Path validation bypass (basename-only allowlist) directly enables local low-priv attackers to plant/execute matching malicious binaries (masquerading + Unix shell execution) and achieve full system impact, mapping to privilege escalation via exploitation of the security control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo without approval…

when security=allowlist and ask=on-miss are configured, bypassing intended path-based policy restrictions.

Deeper analysisAI

CVE-2026-32016 is a path validation bypass vulnerability (CWE-426) affecting OpenClaw versions prior to 2026.2.22 on macOS. It occurs in the exec-approval allowlist mode, where basename-only allowlist entries can be exploited to execute unauthorized binaries. Specifically, attackers can run local binaries with the same name as approved ones, such as ./echo, without triggering approval prompts when security=allowlist and ask=on-miss are configured, thus circumventing intended path-based policy restrictions. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Local attackers with low privileges can exploit this issue with low complexity and no user interaction required. By placing a malicious binary with a basename matching an allowlisted entry in a different path, they bypass restrictions and execute arbitrary code, potentially leading to high confidentiality, integrity, and availability impacts on the system.

Mitigation is available in OpenClaw version 2026.2.22 and later, as detailed in the upstream patch at the referenced GitHub commit (dd41fadcaf58fd9deb963d6e163c56161e7b35dd). Security practitioners should review the GitHub Security Advisory (GHSA-7f4q-9rqh-x36p) and VulnCheck advisory for full details on the fix, which addresses the basename matching logic, and upgrade affected systems immediately.

Details

CWE(s): CWE-426

Affected Products

openclaw

≤ 2026.2.22

CVEs Like This One

CVE-2026-32032Same product: Openclaw Openclaw

CVE-2026-27487Same product: Apple Macos

CVE-2026-25157Same product: Apple Macos

CVE-2026-32009Same product: Openclaw Openclaw

CVE-2026-32015Same product: Openclaw Openclaw

CVE-2026-24070Same product: Apple Macos

CVE-2026-32023Same product: Openclaw Openclaw

CVE-2026-32971Same product: Openclaw Openclaw

CVE-2026-35666Same product: Openclaw Openclaw

CVE-2026-32063Same product: Openclaw Openclaw

References

https://github.com/openclaw/openclaw/commit/dd41fadcaf58fd9deb963d6e163c56161e7b35dd
Patch · disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-7f4q-9rqh-x36p
Mitigation, Vendor Advisory · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-path-traversal-via-basename-only-allowlist-matching-on-macos
Third Party Advisory · disclosure@vulncheck.com