Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-32026

Temporary path handling could write outside OpenClaw temp boundary
Back to all
CVE

CVE-2026-32026

Temporary path handling could write outside OpenClaw temp boundary

Summary

Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version verified during triage: 2026.2.23
  • Affected versions: <= 2026.2.23
  • Patched versions (planned next release): >= 2026.2.24

Details

In affected versions, sandbox media path resolution allowed absolute host tmp paths as trusted media inputs when they were under os.tmpdir(), without requiring that the path stay within the active sandboxRoot.

Because outbound attachment hydration consumed these paths as already validated, this enabled out-of-sandbox host tmp file reads and exfiltration through attachment delivery.

Impact

  • Confidentiality impact: high for deployments relying on sandboxRoot as a strict local filesystem boundary.
  • Practical impact: attacker-controlled media references could read and attach host tmp files outside the sandbox workspace boundary.

Remediation

  • Restrict sandbox tmp-path acceptance to OpenClaw-managed temp roots only.
  • Default SDK/extension temp helpers to OpenClaw-managed temp roots.
  • Add CI guardrails to prevent broad tmp-root regressions in messaging/channel code paths.

Fix Commit(s)

  • d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5
  • 79a7b3d22ef92e36a4031093d80a0acb0d82f351
  • def993dbd843ff28f2b3bad5cc24603874ba9f1e

Release Process Note

The advisory is pre-set with patched version 2026.2.24 so it is ready for publication once that npm release is available.

OpenClaw thanks @tdjackey for reporting.

Publication Update (2026-02-25)

openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.1
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
C
H
U
6.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Related Resources

No items found.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49, https://nvd.nist.gov/vuln/detail/CVE-2026-32026, https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351, https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5, https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e, https://github.com/openclaw/openclaw, https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox

Severity

6.5

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
6.5
EPSS Probability
0.0007%
EPSS Percentile
0.21346%
Introduced Version
0,2026.2.22,2026.2.19,2026.2.15,2026.2.14,2026.2.13,2026.2.12,2026.2.2,2026.1.29-beta.1,2026.1.27-beta.1,2026.1.24,2026.1.23,2026.1.22
Fix Available
2026.2.24

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading