
CVE

CVE-2026-32055

OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Summary

openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Vulnerable versions: <= 2026.2.25
  • Patched versions: >= 2026.2.26 (pre-set for next planned release)
  • Latest published npm version at update time: 2026.2.25

Details

The boundary check path resolved aliases in a way that allowed a non-existent out-of-root symlink target to pass the initial validation window. A first write through the guarded workspace path could therefore escape the workspace boundary.

The fix hardens canonical boundary resolution so missing-leaf alias paths are evaluated against canonical containment, while preserving valid in-root aliases. This closes the first-write escape condition without regressing valid in-root alias usage.

Fix Commit(s)

  • 46eba86b45e9db05b7b792e914c4fe0de1b40a23
  • 1aef45bc060b28a0af45a67dc66acd36aef763c9

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.26). Once npm release 2026.2.26 is published, this advisory can be published directly.

Thanks @tdjackey for reporting.



CVSS Scores

  • CVSS 4.0, base score 7.2: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVSS 3.1, base score 0: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
  • CVSS 3.1, base score 7.6: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L


References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5
  • https://nvd.nist.gov/vuln/detail/CVE-2026-32055
  • https://github.com/openclaw/openclaw/commit/1aef45bc060b28a0af45a67dc66acd36aef763c9
  • https://github.com/openclaw/openclaw/commit/46eba86b45e9db05b7b792e914c4fe0de1b40a23
  • https://github.com/openclaw/openclaw
  • https://www.vulncheck.com/advisories/openclaw-workspace-path-boundary-bypass-via-non-existent-symlink


Basic Information

  • Ecosystem: npm
  • Base CVSS: 7.6
  • EPSS Probability: 0.00081%
  • EPSS Percentile: 0.23746%
  • Introduced Version: 0,2026.2.25-beta.1
  • Fix Available: 2026.2.26
