Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-32060

OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
Back to all
CVE

CVE-2026-32060

OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace

Summary

In affected versions, when apply_patch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.13
  • Fixed: >= 2026.2.14

Details

The non-sandbox path resolution in apply_patch did not enforce workspace containment. Inputs like ../../... or absolute paths could escape the working directory in non-sandboxed mode.

Impact

Practical impact depends on deployment and who can trigger tool execution. This is most relevant when tool invocation is exposed to less-trusted callers or when operators expected workspace-only containment.

Workarounds

  • Keep tools.exec.applyPatch.enabled disabled if you do not need apply_patch.
  • Keep tools.exec.applyPatch.workspaceOnly at its secure default of true.
  • Restrict who can trigger tool execution (and which tools are allowlisted).

Configuration Note

tools.exec.applyPatch.workspaceOnly: false intentionally opts out of workspace containment and can re-enable outside-workspace writes/deletes.

Fix

  • PR: https://github.com/openclaw/openclaw/pull/16405
  • Merge commit: 5544646a09c0121fca7d7093812dc2de8437c7f1

Credits

Thanks to @p80n-sec for reporting this issue.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.7
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-r5fq-947m-xm57, https://nvd.nist.gov/vuln/detail/CVE-2026-32060, https://github.com/openclaw/openclaw/pull/16405, https://github.com/openclaw/openclaw/commit/5544646a09c0121fca7d7093812dc2de8437c7f1, https://github.com/openclaw/openclaw, https://github.com/openclaw/openclaw/releases/tag/v2026.2.14, https://www.vulncheck.com/advisories/openclaw-path-traversal-in-apply-patch-via-crafted-paths

Severity

8.8

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
8.8
EPSS Probability
0.00548%
EPSS Percentile
0.67952%
Introduced Version
0
Fix Available
2026.2.14

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading