CVE-2026-32017

5.9 MEDIUM
Published: March 19, 2026 Modified: March 19, 2026
View on NVD

Description

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
Source: disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc
Source: disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13
Source: disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist
Source: disclosure@vulncheck.com

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.9 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-184

Related CVEs

CVE-2026-3550 5.3
CVE-2026-33192 N/A
CVE-2026-33080 7.3
CVE-2026-33075 N/A
CVE-2026-33072 8.2