HIGHCVE-2026-32015Published 2026-03-19Modified 2026-03-25CNA VulnCheck

CVE-2026-32015: OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.

CVSS v4.0: 7.3
Severity: HIGH
Fixed in: 2026.2.19
Affected Products: 1

Fix available

2026.2.19

Patch commits

Patch Commit

Affected packages

OpenClaw / OpenClaw
< 2026.2.19 (from 2026.1.21)
Fixed in 2026.2.19

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

GitHub Security Advisory (GHSA-g75x-8qqm-2vxp)
Patch Commit
VulnCheck Advisory: OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation

Metrics

Fix available