CVE-2026-32026

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-32026
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32026.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32026
Aliases
Published
2026-03-19T22:16:37.510Z
Modified
2026-04-02T13:24:18.621087Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.

References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
79a7b3d22ef92e36a4031093d80a0acb0d82f351
Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5
Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
def993dbd843ff28f2b3bad5cc24603874ba9f1e

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v1.*
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v2.*
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2026.*
v2026.1.10
v2026.1.11
v2026.1.11-1
v2026.1.11-2
v2026.1.11-3
v2026.1.12
v2026.1.12-2
v2026.1.13
v2026.1.14-1
v2026.1.15
v2026.1.16-2
v2026.1.20
v2026.1.21
v2026.1.22
v2026.1.23
v2026.1.24
v2026.1.24-1
v2026.1.29
v2026.1.30
v2026.1.5
v2026.1.5-1
v2026.1.5-2
v2026.1.5-3
v2026.1.8
v2026.1.9
v2026.2.1
v2026.2.12
v2026.2.13
v2026.2.14
v2026.2.15-beta.1
v2026.2.17
v2026.2.19
v2026.2.19-beta.1
v2026.2.2
v2026.2.21
v2026.2.21-beta.1
v2026.2.22
v2026.2.22-beta.1
v2026.2.23
v2026.2.23-beta.1
v2026.2.3
v2026.2.6
v2026.2.6-1
v2026.2.6-2
v2026.2.6-3
v2026.2.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "attachment"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32026.json"