CVE-2026-32017
MEDIUM
6,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: low
Description
AI Translation Available
OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.
184
Incomplete List of Disallowed Inputs
DraftCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637…
https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad146…
https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec8864…
https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-op…