Cyber Resilience

CVE-2026-32017

Severity: Medium · Public PoC available

Published: 19 March 2026
Modified: 25 March 2026
CVSS Score (v4): 6.0
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (17.9th percentile)
Risk Priority: 12 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32017 is a medium-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 17.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32017 is an allowlist bypass vulnerability in the exec safeBins policy of OpenClaw versions prior to 2026.2.19. The flaw enables attackers to write arbitrary files by attaching short-option payloads, such as -o, to whitelisted binaries, thereby circumventing argument validation checks that are intended to block unauthorized file-write operations. This issue is classified under CWE-184 (Incomplete List of Disallowed Inputs) with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L), indicating high integrity impact potential over the network with low privileges required.

Attackers with low-privilege access (PR:L) can exploit this vulnerability remotely (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By appending short options to arguments of safeBins-whitelisted binaries, they bypass the policy's restrictions, achieving unauthorized arbitrary file writes that compromise system integrity (I:H) and cause limited availability disruption (A:L), without affecting confidentiality.

The fix ships in OpenClaw version 2026.2.19 and later, through the patches in GitHub commits bafdbb6f112409a65decd3d4e7350fbd637c7754, cfe8457a0f4aae5324daec261d3b0aad1461a4bc, and fec48a5006eab37c6a5821726ccaeec886486b13. Additional guidance is available in the project's security advisory GHSA-3x3x-h76w-hp98 and in VulnCheck's advisory on the short-option bypass. Security practitioners should upgrade affected installations immediately and review exec safeBins configurations for similar bypass risks.
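The CWE-184 pattern behind this advisory is easiest to see as a pair of argument checks: one that denies a list of option names it knows about, and one that only permits options it has explicitly listed for each binary. The following is an added example written for this page, not OpenClaw's code or policy; the binary names, the per-binary flag tables (`SAFE_BINS`, `ALLOWED_FLAGS`, `FLAGS_WITH_VALUE`) and the `--output` deny-list entries are constructed assumptions, and the only option taken from the advisory text is `-o`. The allow-list check also expands bundled short options (`-ro`) and refuses `--` and option-looking flag values, which a deny-list never sees.

```python
"""Added example (not OpenClaw's code): an incomplete deny-list argument check
(the CWE-184 pattern) beside an allow-list check that closes the gap.

Every name here is constructed for illustration: SAFE_BINS, ALLOWED_FLAGS,
FLAGS_WITH_VALUE and DENIED_LONG_OPTIONS are not OpenClaw's real policy tables;
only the '-o' short option comes from the advisory text.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


# Constructed policy: binaries an agent may run, and the only flags each may receive.
SAFE_BINS = {"sort", "wc", "head"}
ALLOWED_FLAGS = {
    "sort": {"-r", "-n", "-u", "--reverse", "--numeric-sort", "--unique"},
    "wc": {"-l", "-w", "-c"},
    "head": {"-n"},
}
# Allowed flags that consume the next token as their value ('head -n 5').
FLAGS_WITH_VALUE = {("head", "-n")}
# Constructed deny-list for the weak check: long options known to write files.
DENIED_LONG_OPTIONS = {"--output", "--output-file"}


def is_option(token: str) -> bool:
    """Anything dash-prefixed except a bare '-' (conventionally stdin) is an option."""
    return token.startswith("-") and token != "-"


def check_denylist(binary: str, args: list[str]) -> Verdict:
    """Weak check: blocks only the option names it knows about (CWE-184).

    A short alias such as '-o' is not in the list, so it passes unchanged.
    """
    if binary not in SAFE_BINS:
        return Verdict(False, f"{binary!r} is not an allowed binary")
    for tok in args:
        name = tok.split("=", 1)[0]  # '--output=x' -> '--output'
        if name in DENIED_LONG_OPTIONS:
            return Verdict(False, f"option {name!r} is denied")
    return Verdict(True, "ok")


def check_allowlist(binary: str, args: list[str]) -> Verdict:
    """Hardened check: every option-looking token must be explicitly allowed.

    Bundled short options ('-ro') are expanded and checked letter by letter; '--'
    is refused unless listed, because tokens after it would otherwise go unchecked.
    """
    if binary not in SAFE_BINS:
        return Verdict(False, f"{binary!r} is not an allowed binary")
    allowed = ALLOWED_FLAGS.get(binary, set())
    expect_value = False
    for tok in args:
        if expect_value:
            # Value for a flag like 'head -n 5'; a value that itself looks like an
            # option is refused rather than silently consumed.
            if is_option(tok):
                return Verdict(False, f"flag value {tok!r} looks like an option")
            expect_value = False
            continue
        if not is_option(tok):
            continue  # operand (file name, pattern, '-' for stdin)
        name = tok.split("=", 1)[0]
        if name.startswith("--"):
            flags = [name]
        else:
            flags = [f"-{ch}" for ch in name[1:]]  # '-ro' -> ['-r', '-o']
        for flag in flags:
            if flag not in allowed:
                return Verdict(False, f"option {flag!r} is not allowed for {binary!r}")
        if (binary, flags[-1]) in FLAGS_WITH_VALUE and "=" not in tok:
            expect_value = True
    if expect_value:
        return Verdict(False, "flag is missing its value")
    return Verdict(True, "ok")


if __name__ == "__main__":
    # Constructed command lines: the advisory's short-option form, the long form
    # the deny-list does catch, a bundled short option, and a benign invocation.
    cases = [
        ("sort", ["-o", "out.txt", "data.txt"]),
        ("sort", ["--output=out.txt", "data.txt"]),
        ("sort", ["-ro", "out.txt", "data.txt"]),
        ("head", ["-n", "5", "data.txt"]),
    ]
    for binary, args in cases:
        cmd = f"{binary} {' '.join(args)}"
        weak, strong = check_denylist(binary, args), check_allowlist(binary, args)
        print(f"{cmd:<32} deny-list: {weak.allowed!s:<5} allow-list: {strong.allowed}")
```

Running the block prints the deny-list verdict beside the allow-list verdict for each constructed command line; the first case is the one the advisory describes, where the deny-list passes `-o` and the allow-list rejects it. When reviewing a safeBins-style policy, the property to look for is the allow-list one: any dash-prefixed token the policy does not name is refused, regardless of how the binary spells its options.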

Vulnerability details

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Remote allowlist bypass in OpenClaw directly enables exploitation of a public-facing application (T1190) for arbitrary file writes that produce high-integrity impact from low privileges, mapping to exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-43566 (same product: Openclaw Openclaw)
CVE-2026-43578 (same product: Openclaw Openclaw)
CVE-2026-43532 (same product: Openclaw Openclaw)
CVE-2026-34426 (same product: Openclaw Openclaw)
CVE-2026-28363 (same product: Openclaw Openclaw)
CVE-2026-44110 (same product: Openclaw Openclaw)
CVE-2026-32987 (same product: Openclaw Openclaw)
CVE-2026-32005 (same product: Openclaw Openclaw)
CVE-2026-41361 (same product: Openclaw Openclaw)
CVE-2026-28392 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw · Product: openclaw · Versions: ≤ 2026.2.19

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

prevent · SI-2 (Flaw Remediation): Directly requires timely remediation of the allowlist bypass flaw in OpenClaw's safeBins policy via patching to version 2026.2.19 or later.

prevent · SI-10 (Information Input Validation): Mandates validation of command-line arguments as information inputs to the exec policy, preventing short-option bypasses that enable unauthorized file writes.

prevent: Enforces restriction to essential whitelisted binaries and functions, mitigating risks from incomplete safeBins allowlist validation by limiting overall executable capabilities.
