CVE-2026-32903

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,1

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: low

Description

AI Translation Available

OpenClaw before 2026.3.2 contains a symlink traversal vulnerability in stageSandboxMedia that allows attackers to overwrite files outside the sandbox workspace. Attackers can exploit unvalidated destination paths in media/inbound writes to follow symlinks and overwrite host files beyond intended sandbox boundaries.

Improper Link Resolution Before File Access ('Link Following')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Other

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows, Unix

Likelihood of Exploit: Medium

View CWE Details

https://github.com/openclaw/openclaw/commit/17ede52a4be3034…

https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad010…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c

https://vulncheck.com/advisories/openclaw-mar-symlink-trave…

https://vulncheck.com/advisories/openclaw-mar-symlink-traversal-in-stagesandbox…

CVE-2026-32903

Description

Improper Link Resolution Before File Access ('Link Following')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter