Cyber Posture

CVE-2026-32024

Medium · Public PoC

Published: 19 March 2026
Modified: 23 March 2026
KEV Added
Patch
CVSS Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (16.0th percentile)
Risk Priority: 11 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32024 is a medium-severity Link Following (CWE-59) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 16.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

- prevent (SI-2 Flaw Remediation): Directly remediates the specific symlink traversal flaw in OpenClaw avatar handling by applying vendor patches from version 2026.2.22.
- prevent (SI-10 Information Input Validation): Validates avatar resource path inputs to block symlink traversal attempts outside the configured workspace boundary.
- prevent: Limits damage from file disclosure by enforcing least privilege on the OpenClaw process, restricting access to only necessary files.

MITRE ATT&CK Enterprise Techniques · AI

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Symlink traversal in the public-facing avatar component enables remote exploitation of the application (T1190) to read arbitrary local files (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local files accessible to the OpenClaw process.

Deeper analysis · AI

CVE-2026-32024, published on 2026-03-19, is a symlink traversal vulnerability (CWE-59) in the avatar handling component of OpenClaw versions prior to 2026.2.22. It allows attackers to read arbitrary files outside the configured workspace boundary by exploiting symlinks, with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact but no integrity or availability effects.

Remote attackers can exploit the vulnerability by requesting avatar resources through gateway surfaces, disclosing local files accessible to the OpenClaw process. Although the CVSS vector specifies a local attack vector and low privileges required, the description confirms remote exploitation potential via these resource requests.

Mitigation is addressed in OpenClaw version 2026.2.22 and later, with fixes implemented in GitHub commits 3d0337504349954237d09e4d957df5cb844d5e77 and 6970c2c2db3ee069ef0fff0ade5cfbdd0134f9d2. Further details on the vulnerability and remediation are provided in the GitHub Security Advisory at GHSA-rx3g-mvc3-qfjf and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-avatar-handling.

Details

CWE(s)

CWE-59 Link Following
Affected Products

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.2.22

CVEs Like This One

- CVE-2026-32013 (same product: Openclaw Openclaw)
- CVE-2026-41397 (same product: Openclaw Openclaw)
- CVE-2026-28479 (same product: Openclaw Openclaw)
- CVE-2026-32030 (same product: Openclaw Openclaw)
- CVE-2026-33581 (same product: Openclaw Openclaw)
- CVE-2026-32054 (same product: Openclaw Openclaw)
- CVE-2026-43533 (same product: Openclaw Openclaw)
- CVE-2026-28462 (same product: Openclaw Openclaw)
- CVE-2026-42438 (same product: Openclaw Openclaw)
- CVE-2026-32026 (same product: Openclaw Openclaw)

References