Cyber Posture

CVE-2026-32026

Severity: Medium · Public PoC

Published: 19 March 2026
Modified: 23 March 2026
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0007 (21.3rd percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32026 is a medium-severity Path Traversal (CWE-22) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 21.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 directly requires validation of information inputs such as malicious media path references to prevent improper path traversal outside the sandbox root.

Prevent: AC-3 enforces logical access controls to system resources like host temporary directory files, mitigating unauthorized reads via absolute paths.

Prevent: AC-4 controls information flows within the system, addressing sandbox media handling to restrict access from outside the active sandbox root.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Path traversal vuln in network-accessible sandbox media handler directly enables initial access via public app exploitation (T1190) and arbitrary local file reads from host temp dir (T1005) for exfil.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.

Deeper analysis

CVE-2026-32026 is an improper path validation vulnerability (CWE-22) affecting OpenClaw versions prior to 2026.2.24. The issue resides in the sandbox media handling component, where absolute paths under the host temporary directory are permitted outside the active sandbox root. This flaw, published on 2026-03-19, carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact.

Attackers with low privileges (PR:L) can exploit this over the network with low complexity and no user interaction required. By providing malicious media references, they can read arbitrary files from the host temporary directory and exfiltrate them through attachment delivery mechanisms, potentially exposing sensitive temporary data.

Mitigation is addressed in OpenClaw version 2026.2.24 and later via patches in GitHub commits 79a7b3d22ef92e36a4031093d80a0acb0d82f351, d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5, and def993dbd843ff28f2b3bad5cc24603874ba9f1e. Additional details are available in the OpenClaw security advisory at GHSA-33hm-cq8r-wc49 and the VulnCheck advisory at vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox. Security practitioners should update to the patched version and review sandbox path validation in media handling.
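As an added illustration of the path-validation review recommended above (not OpenClaw's code; the weak rule is a hypothetical reconstruction of the class the advisory describes, and all paths are constructed), a Python check that accepts a media reference only when it normalises to a location inside the active sandbox root:

```python
import os

# Constructed paths for the example; not real host or OpenClaw locations.
HOST_TMP = "/tmp"                     # host temporary directory
SANDBOX_ROOT = "/tmp/sandbox-a1b2"    # root of the active sandbox


def weak_media_path_check(reference: str, host_tmp: str) -> bool:
    """Hypothetical reconstruction of the weak rule the advisory describes:
    an absolute reference is accepted as long as it sits somewhere under the
    host temp directory, with no check against the *active* sandbox root.
    This is the pattern to look for in review and remove, not to copy."""
    candidate = os.path.normpath(reference)
    if not os.path.isabs(candidate):
        return False
    return os.path.commonpath([host_tmp, candidate]) == host_tmp


def resolve_media_path(reference: str, sandbox_root: str) -> str:
    """Hardened check: every media reference, relative or absolute, must
    normalise to a path inside the active sandbox root. Raises ValueError
    otherwise, so callers cannot silently fall through to a host path."""
    root = os.path.normpath(sandbox_root)
    if os.path.isabs(reference):
        # Absolute references are allowed only when already inside the root.
        candidate = os.path.normpath(reference)
    else:
        candidate = os.path.normpath(os.path.join(root, reference))
    # commonpath compares whole components, so "/tmp/sandbox-a1b2-evil"
    # is not treated as lying under "/tmp/sandbox-a1b2".
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"media reference escapes sandbox root: {reference!r}")
    # normpath is purely lexical; on a live tree also resolve symlinks with
    # os.path.realpath before reading, or a link inside the root can point out.
    return candidate


def media_path_allowed(reference: str, sandbox_root: str) -> bool:
    """Boolean wrapper around resolve_media_path for logging or tests."""
    try:
        resolve_media_path(reference, sandbox_root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for ref in ("out/image.png", "/tmp/other-sandbox/secret.txt", "../../etc/passwd"):
        print(f"{ref!r}: weak={weak_media_path_check(ref, HOST_TMP)} "
              f"hardened={media_path_allowed(ref, SANDBOX_ROOT)}")
```

A reference under the host temp directory but outside the active sandbox passes the weak rule and fails the hardened one, which is the distinction the advisory turns on.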

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products: openclaw / openclaw, ≤ 2026.2.24

CVEs Like This One

CVE-2026-32030 (same product: Openclaw Openclaw)
CVE-2026-33581 (same product: Openclaw Openclaw)
CVE-2026-28462 (same product: Openclaw Openclaw)
CVE-2026-32846 (same product: Openclaw Openclaw)
CVE-2026-32033 (same product: Openclaw Openclaw)
CVE-2026-22171 (same product: Openclaw Openclaw)
CVE-2026-28453 (same product: Openclaw Openclaw)
CVE-2026-35668 (same product: Openclaw Openclaw)
CVE-2026-32055 (same product: Openclaw Openclaw)
CVE-2026-28482 (same product: Openclaw Openclaw)
