CVE-2026-32055

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-32055

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32055.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-32055

Aliases

GHSA-mgrq-9f93-wpp5

Downstream

MINI-248p-7qf6-6c3g

Published

2026-03-21T01:17:08.903Z

Modified

2026-04-02T13:24:15.948879Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator

Summary

[none]

Details

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations.

References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type: GIT
Repo: https://github.com/openclaw/openclaw
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1aef45bc060b28a0af45a67dc66acd36aef763c9

Type: GIT
Repo: https://github.com/openclaw/openclaw
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

46eba86b45e9db05b7b792e914c4fe0de1b40a23

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v1.*

v1.0.4

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v2.*

v2.0.0-beta1

v2.0.0-beta2

v2.0.0-beta3

v2.0.0-beta4

v2.0.0-beta5

v2026.*

v2026.1.10

v2026.1.11

v2026.1.11-1

v2026.1.11-2

v2026.1.11-3

v2026.1.12

v2026.1.12-2

v2026.1.13

v2026.1.14-1

v2026.1.15

v2026.1.16-2

v2026.1.20

v2026.1.21

v2026.1.22

v2026.1.23

v2026.1.24

v2026.1.24-1

v2026.1.29

v2026.1.30

v2026.1.5

v2026.1.5-1

v2026.1.5-2

v2026.1.5-3

v2026.1.8

v2026.1.9

v2026.2.1

v2026.2.12

v2026.2.13

v2026.2.14

v2026.2.15-beta.1

v2026.2.17

v2026.2.19

v2026.2.19-beta.1

v2026.2.2

v2026.2.21

v2026.2.21-beta.1

v2026.2.22

v2026.2.22-beta.1

v2026.2.23

v2026.2.23-beta.1

v2026.2.24

v2026.2.24-beta.1

v2026.2.25

v2026.2.25-beta.1

v2026.2.3

v2026.2.6

v2026.2.6-1

v2026.2.6-2

v2026.2.6-3

v2026.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32055.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "in-workspace"
            }
        ]
    }
]