Cyber Resilience

CVE-2026-35632

Severity: Medium · Public PoC referenced

Published: 09 April 2026
Modified: 15 April 2026

CVSS Score (v4): 6.9
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0014 (34.4th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-35632 is a medium-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Cron (T1053.003). EPSS ranks the vulnerability at the 34.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-35632, published on 2026-04-09, is a symlink traversal vulnerability in OpenClaw versions through 2026.2.22. The flaw lies in the agents.create and agents.update handlers, which invoke fs.appendFile on IDENTITY.md without checking that the target is contained in the workspace and is not a symbolic link; it is classified as CWE-61. It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

An attacker with workspace access and low privileges can exploit this vulnerability to plant symlinks, enabling the append of attacker-controlled content to arbitrary files outside the intended directory. Successful exploitation allows remote code execution through crontab injection or unauthorized access via SSH key manipulation.

Mitigation details and patches are documented in advisories such as the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-7xr2-q9vf-x4r5 and VulnCheck's analysis at https://www.vulncheck.com/advisories/openclaw-symlink-traversal-via-identity-md-appendfile-in-agents-create-update.

Vulnerability details

OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files, enabling remote code execution via crontab injection or unauthorized access via SSH key manipulation.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1053.003 Cron (Execution)
Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.

T1098.004 SSH Authorized Keys (Persistence)
Adversaries may modify the SSH authorized_keys file to maintain persistence on a victim host.

Why these techniques?

Symlink traversal enables arbitrary file appends, directly facilitating crontab injection (T1053.003) for RCE and SSH authorized_keys manipulation (T1098.004) for access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-41359 (same product: Openclaw Openclaw)
CVE-2026-32051 (same product: Openclaw Openclaw)
CVE-2026-32035 (same product: Openclaw Openclaw)
CVE-2026-41299 (same product: Openclaw Openclaw)
CVE-2026-41912 (same product: Openclaw Openclaw)
CVE-2026-44110 (same product: Openclaw Openclaw)
CVE-2026-41378 (same product: Openclaw Openclaw)
CVE-2026-44116 (same product: Openclaw Openclaw)
CVE-2026-32988 (same product: Openclaw Openclaw)
CVE-2026-32064 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw · Product: openclaw · Versions: ≤ 2026.2.22

Mitigating Controls (NIST 800-53 r5, AI-mapped)

Prevent (SI-2 Flaw Remediation): Directly remediates the symlink traversal flaw in OpenClaw's agents.create and agents.update handlers by applying vendor patches to enforce symlink containment checks.

Prevent (SI-10 Information Input Validation): Requires validation of file paths and symlink checks prior to fs.appendFile operations to block attackers from planting symlinks for arbitrary file appends.

Detect: Monitors integrity of critical files like crontab and SSH authorized_keys to identify unauthorized content appended via symlink traversal exploits.
