Cyber Posture

CVE-2026-32060

Severity: High · Public PoC

Published: 11 March 2026
Modified: 16 March 2026
KEV Added: (no date listed)
Patch: available (fixed in OpenClaw 2026.2.14)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0055 (68.0th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Prevent: Directly addresses the path traversal by requiring validation and error handling of the path inputs passed to the apply_patch function, rejecting directory traversal sequences and absolute paths before any file is written or deleted.

Prevent: Enforces process isolation through filesystem sandbox containment, so that apply_patch write and delete operations cannot reach outside the configured workspace directory even if path validation fails.

Prevent: Limits the system to least functionality by disabling or restricting apply_patch where it is not essential, so the vulnerable component is not reachable at all.

Security Summary (AI-generated)

CVE-2026-32060 is a path traversal vulnerability (CWE-22) affecting OpenClaw versions prior to 2026.2.14, specifically in the apply_patch component. This flaw allows attackers to write or delete files outside the configured workspace directory by exploiting crafted paths that include directory traversal sequences or absolute paths. The vulnerability arises when apply_patch is enabled without filesystem sandbox containment, enabling escape of workspace boundaries. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-11.

Attackers with low privileges, such as authenticated users with network access to the system, can exploit this vulnerability remotely with low attack complexity and no user interaction. By supplying malicious paths to apply_patch, they can write or delete any file the OpenClaw process itself can reach, which can lead to full compromise of the host running OpenClaw: overwriting configuration or startup files for persistence, reading or staging sensitive data for exfiltration, or deleting files to disrupt critical services.

Mitigation is addressed in the OpenClaw GitHub security advisory (GHSA-r5fq-947m-xm57) and a related commit (5544646a09c0121fca7d7093812dc2de8437c7f1) that patches the issue; users should upgrade to OpenClaw 2026.2.14 or later. Additional details are available in the VulnCheck advisory on the path traversal via crafted paths. Disabling apply_patch or enabling filesystem sandboxing provides interim protection.
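As an added illustration of the failure mode described above (example code written for this page, not OpenClaw's own apply_patch implementation, whose language and internals the page does not show), the following Python contrasts the vulnerable pattern, joining a patch-supplied path straight onto the workspace root, with a resolver that rejects absolute paths and checks containment only after canonicalization. The function names, the temporary workspace layout and the sample patch paths are all constructed for the example.

```python
# Added example for the CVE-2026-32060 failure mode.  Hypothetical code,
# not OpenClaw's apply_patch implementation; the resolver names, the
# temporary workspace layout and the sample paths are constructed here.
import os
import tempfile


class WorkspaceEscape(ValueError):
    """Raised when a patch path would resolve outside the workspace."""


def naive_resolve(workspace: str, candidate: str) -> str:
    """The vulnerable pattern: join the path named in the patch onto the
    workspace root and use the result.  os.path.join drops the workspace
    entirely when `candidate` is absolute, and normpath collapses '..'
    components straight past the root."""
    return os.path.normpath(os.path.join(workspace, candidate))


def safe_resolve(workspace: str, candidate: str) -> str:
    """Return the canonical target inside `workspace` or raise WorkspaceEscape.

    Order of checks: malformed input, absolute paths, then containment of
    the fully resolved path (realpath follows symlinks, so a link inside
    the workspace that points outside is caught too).  Containment uses
    commonpath rather than a string prefix test, so a root of /srv/ws does
    not accidentally accept /srv/ws2/x.
    """
    if not candidate or "\x00" in candidate:
        raise WorkspaceEscape(f"malformed path: {candidate!r}")
    if os.path.isabs(candidate):
        raise WorkspaceEscape(f"absolute path rejected: {candidate}")
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, candidate))
    if target == root or os.path.commonpath([root, target]) != root:
        raise WorkspaceEscape(f"escapes workspace: {candidate} -> {target}")
    return target


def classify(workspace: str, candidate: str) -> str:
    """'ok' if safe_resolve accepts the path, otherwise 'rejected'."""
    try:
        safe_resolve(workspace, candidate)
    except WorkspaceEscape:
        return "rejected"
    return "ok"


def demo() -> dict:
    """Run constructed patch paths through both resolvers against a real
    temporary workspace.  Returns {case: (naive_escapes, safe_verdict)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)          # the temp dir may itself be a symlink
        ws = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.mkdir(ws)
        os.mkdir(outside)
        try:                                  # symlink inside ws -> outside
            os.symlink(outside, os.path.join(ws, "link"))
            have_symlink = True
        except OSError:                       # no symlink privilege: skip that case
            have_symlink = False

        # Constructed sample of paths a malicious patch might name.
        cases = {
            "in_tree": "src/app.py",
            "traversal": "../outside/cron.txt",
            "absolute": os.path.join(outside, "pwned.txt"),
            "nested_dotdot": "src/../../outside/x.txt",
        }
        if have_symlink:
            cases["symlink"] = "link/escaped.txt"

        for name, cand in cases.items():
            naive_target = os.path.realpath(naive_resolve(ws, cand))
            naive_escapes = os.path.commonpath([ws, naive_target]) != ws
            results[name] = (naive_escapes, classify(ws, cand))
    return results


if __name__ == "__main__":
    for case, (escapes, verdict) in demo().items():
        print(f"{case:14s} naive_escapes={escapes!s:5s} hardened={verdict}")
```

Every constructed escape (parent-directory traversal, an absolute path, a `..` buried mid-path, and a symlink planted inside the workspace) lands outside the tree under the naive resolver and is rejected by the hardened one, while an ordinary in-tree path passes. A stricter policy can simply refuse any `..` component regardless of where it resolves; either way, the filesystem sandbox named in the mitigating controls is the layer that holds if a resolver bug like this one slips through.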

Details

CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')

Affected Products
openclaw / openclaw: versions prior to 2026.2.14 (fixed in 2026.2.14)

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why this technique?

A low-privileged remote actor who can feed paths to apply_patch gains write and delete access to arbitrary files reachable by the OpenClaw process, outside the workspace the tool was meant to be confined to; overwriting configuration, scripts or other trusted files from there is the usual route from a constrained tool to control of the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
