CVE-2026-32017
MEDIUM
openclaw
NVD
CVSS Score
5.9
Severity
MEDIUM
Published
Mar 19, 2026
Vendor
openclaw
Description
OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.
References
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
- https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc
- https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist